PSARC/2015/179 OpenSSH 6.8
authorTomas Kuthan <tomas.kuthan@oracle.com>
Thu, 18 Jun 2015 07:01:42 -0700
changeset 4503 bf30d46ab06e
parent 4498 ce7fc2376fb0
child 4505 66ff214a993c
PSARC/2015/179 OpenSSH 6.8 20919294 upgrade OpenSSH to 6.8p1
components/openssh/Makefile
components/openssh/patches/005-openssh_krb5_build_fix.patch
components/openssh/patches/007-manpages.patch
components/openssh/patches/011-useprivilegedport_regression.patch
components/openssh/patches/012-acceptenv.patch
components/openssh/patches/013-dtrace_sftp.patch
components/openssh/patches/014-disable_banner.patch
components/openssh/patches/016-pam_enhancement.patch
components/openssh/patches/020-deprecate_sunssh_sshd_config_opts.patch
components/openssh/patches/021-CVE-2014-2653.patch
components/openssh/patches/022-solaris_audit.patch
components/openssh/patches/023-gsskex.patch
components/openssh/patches/024-disable_ed25519.patch
components/openssh/patches/025-login_to_a_role.patch
components/openssh/patches/027-missing_include.patch
components/openssh/patches/028-relax_bits_needed_check.patch
components/openssh/sources/kexgssc.c
components/openssh/sources/kexgsss.c
--- a/components/openssh/Makefile	Wed Jun 17 14:55:22 2015 -0700
+++ b/components/openssh/Makefile	Thu Jun 18 07:01:42 2015 -0700
@@ -23,22 +23,22 @@
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		openssh
-COMPONENT_VERSION=	6.5p1
+COMPONENT_VERSION=	6.8p1
 HUMAN_VERSION=		$(COMPONENT_VERSION)
 COMPONENT_SRC=		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 
 # Version for IPS.  The encoding rules are:
 #   OpenSSH <x>.<y>p<n>     => IPS <x>.<y>.0.<n>
 #   OpenSSH <x>.<y>.<z>p<n> => IPS <x>.<y>.<z>.<n>
-IPS_COMPONENT_VERSION=	6.5.0.1
+IPS_COMPONENT_VERSION=	6.8.0.1
 
 COMPONENT_PROJECT_URL=	http://www.openssh.org/
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
-COMPONENT_ARCHIVE_HASH=	sha256:a1195ed55db945252d5a1730d4a2a2a5c1c9a6aa01ef2e5af750a962623d9027
+COMPONENT_ARCHIVE_HASH=	sha256:3ff64ce73ee124480b5bf767b9830d7d3c03bbcb6abe716b78f0192c37ce160e
 COMPONENT_ARCHIVE_URL=	http://mirror.team-cymru.org/pub/OpenBSD/OpenSSH/portable/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=utility/openssh
 
-TPNO_OPENSSH=		16633
+TPNO_OPENSSH=		21980
 TPNO_GSSKEX=		20377
 
 include $(WS_MAKE_RULES)/prep.mk
@@ -118,7 +118,7 @@
 REQUIRED_PACKAGES += library/zlib
 REQUIRED_PACKAGES += service/security/kerberos-5
 REQUIRED_PACKAGES += system/library
-REQUIRED_PACKAGES += system/library/gcc-45-runtime
+REQUIRED_PACKAGES += system/library/gcc-48-runtime
 REQUIRED_PACKAGES += system/library/gcc/gcc-c-runtime
 REQUIRED_PACKAGES += system/library/security/gss
 REQUIRED_PACKAGES += system/linker
--- a/components/openssh/patches/005-openssh_krb5_build_fix.patch	Wed Jun 17 14:55:22 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,102 +0,0 @@
-#
-# This is to work around an unresloved symbol problem with the Kerberos
-# build option. Unlike MIT Kerberos, the gss_krb5_copy_ccache() function
-# is not supported on Solaris, because it violates API abstraction. This
-# workaround disables delegated credentials storing on server side.
-#
-# The long term goal is to replace Solaris Kerberos libraries with MIT Kerberos
-# delivered from Userland gate (The Solaris MIT Kerberos Drop in Project).
-# After that, function gss_krb5_copy_ccache() will be available in Solaris and
-# the delegating credentials functionality will be made available using the
-# upstream code.
-#
---- orig/auth2-gss.c	Fri Mar 21 10:41:03 2014
-+++ new/auth2-gss.c	Fri Mar 21 11:13:57 2014
[email protected]@ -47,6 +47,10 @@
- 
- extern ServerOptions options;
- 
-+#ifdef KRB5_BUILD_FIX
-+        extern gss_OID_set g_supported;
-+#endif
-+
- static void input_gssapi_token(int type, u_int32_t plen, void *ctxt);
- static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
- static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
[email protected]@ -77,7 +81,13 @@
- 		return (0);
- 	}
- 
-+#ifdef KRB5_BUILD_FIX
-+	/* use value obtained in privileged parent */
-+	supported = g_supported;
-+#else
- 	ssh_gssapi_supported_oids(&supported);
-+#endif
-+
- 	do {
- 		mechs--;
- 
---- orig/configure	Fri Mar 21 10:41:03 2014
-+++ new/configure	Fri Mar 21 11:02:11 2014
[email protected]@ -16634,6 +16634,12 @@
- 				{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
- $as_echo "no" >&6; }
- 			fi
-+
-+			# Oracle Solaris
-+			# OpenSSH is mixed-up gssapi AND krb5 aplication
-+			K5CFLAGS="$K5CFLAGS `$KRB5CONF --cflags krb5`"
-+			K5LIBS="$K5LIBS `$KRB5CONF --libs krb5`"
-+
- 			{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using Heimdal" >&5
- $as_echo_n "checking whether we are using Heimdal... " >&6; }
- 			cat confdefs.h - <<_ACEOF >conftest.$ac_ext
---- orig/sshd.c	Fri Mar 21 10:41:03 2014
-+++ new/sshd.c	Fri Mar 21 11:09:30 2014
[email protected]@ -259,6 +259,11 @@
- /* Unprivileged user */
- struct passwd *privsep_pw = NULL;
- 
-+#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
-+/* Temporary storing supported GSS mechs */
-+gss_OID_set g_supported;
-+#endif
-+
- /* Prototypes for various functions defined later in this file. */
- void destroy_sensitive_data(void);
- void demote_sensitive_data(void);
[email protected]@ -1407,6 +1412,10 @@
- 	av = saved_argv;
- #endif
- 
-+#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
-+	OM_uint32 ms;
-+#endif
-+
- 	if (geteuid() == 0 && setgroups(0, NULL) == -1)
- 		debug("setgroups(): %.200s", strerror(errno));
- 
[email protected]@ -2083,6 +2092,11 @@
- 	buffer_init(&loginmsg);
- 	auth_debug_reset();
- 
-+#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
-+	/* collect gss mechs for later use in privsep child */
-+	ssh_gssapi_supported_oids(&g_supported);
-+#endif
-+
- 	if (use_privsep) {
- 		if (privsep_preauth(authctxt) == 1)
- 			goto authenticated;
[email protected]@ -2120,6 +2134,10 @@
- 		startup_pipe = -1;
- 	}
- 
-+#if defined(KRB5_BUILD_FIX) && defined(GSSAPI)
-+	gss_release_oid_set(&ms, &g_supported);
-+#endif 
-+
- #ifdef SSH_AUDIT_EVENTS
- 	audit_event(SSH_AUTH_SUCCESS);
- #endif
--- a/components/openssh/patches/007-manpages.patch	Wed Jun 17 14:55:22 2015 -0700
+++ b/components/openssh/patches/007-manpages.patch	Thu Jun 18 07:01:42 2015 -0700
@@ -7,8 +7,9 @@
 # pages, the section numbers of some OpenSSH man pages are changed to be the
 # same as their corresponding ones in SunSSH.
 #
---- orig/moduli.5	Thu Feb  6 10:00:17 2014
-+++ new/moduli.5	Thu Feb  6 10:08:07 2014
+diff -pur old/moduli.5 new/moduli.5
+--- old/moduli.5	2015-03-17 06:49:20.000000000 +0100
++++ new/moduli.5	2015-03-28 05:37:09.205577491 +0100
 @@ -14,7 +14,7 @@
  .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
@@ -27,7 +28,7 @@
  in the Diffie-Hellman Group Exchange key exchange method.
  .Pp
  New moduli may be generated with
[email protected]@ -40,7 +40,7 @@
[email protected]@ -40,7 +40,7 @@ pass, using
  .Ic ssh-keygen -T ,
  provides a high degree of assurance that the numbers are prime and are
  safe for use in Diffie-Hellman operations by
@@ -36,7 +37,7 @@
  This
  .Nm
  format is used as the output from each pass.
[email protected]@ -70,7 +70,7 @@
[email protected]@ -70,7 +70,7 @@ are Sophie Germain primes (type 4).
  Further primality testing with
  .Xr ssh-keygen 1
  produces safe prime moduli (type 2) that are ready for use in
@@ -45,7 +46,7 @@
  Other types are not used by OpenSSH.
  .It tests
  Decimal number indicating the type of primality tests that the number
[email protected]@ -105,16 +105,16 @@
[email protected]@ -105,16 +105,16 @@ The modulus itself in hexadecimal.
  .El
  .Pp
  When performing Diffie-Hellman Group Exchange,
@@ -65,18 +66,19 @@
  .Sh STANDARDS
  .Rs
  .%A M. Friedl
---- orig/sftp-server.8	Thu Feb  6 10:01:20 2014
-+++ new/sftp-server.8	Thu Feb  6 10:09:59 2014
+diff -pur old/sftp-server.8 new/sftp-server.8
+--- old/sftp-server.8	2015-03-17 06:49:20.000000000 +0100
++++ new/sftp-server.8	2015-03-28 05:38:55.972453415 +0100
 @@ -23,7 +23,7 @@
  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  .\"
- .Dd $Mdocdate: October 14 2013 $
+ .Dd $Mdocdate: December 11 2014 $
 -.Dt SFTP-SERVER 8
 +.Dt SFTP-SERVER 1M
  .Os
  .Sh NAME
  .Nm sftp-server
[email protected]@ -47,7 +47,7 @@
[email protected]@ -47,7 +47,7 @@ is a program that speaks the server side
  to stdout and expects client requests from stdin.
  .Nm
  is not intended to be called directly, but from
@@ -85,7 +87,7 @@
  using the
  .Cm Subsystem
  option.
[email protected]@ -58,7 +58,7 @@
[email protected]@ -58,7 +58,7 @@ should be specified in the
  .Cm Subsystem
  declaration.
  See
@@ -94,7 +96,7 @@
  for more information.
  .Pp
  Valid options are:
[email protected]@ -71,7 +71,7 @@
[email protected]@ -71,7 +71,7 @@ The pathname may contain the following t
  and %u is replaced by the username of that user.
  The default is to use the user's home directory.
  This option is useful in conjunction with the
@@ -103,7 +105,7 @@
  .Cm ChrootDirectory
  option.
  .It Fl e
[email protected]@ -152,8 +152,8 @@
[email protected]@ -152,8 +152,8 @@ establish a logging socket inside the ch
  .Sh SEE ALSO
  .Xr sftp 1 ,
  .Xr ssh 1 ,
@@ -114,73 +116,9 @@
  .Rs
  .%A T. Ylonen
  .%A S. Lehtinen
---- orig/ssh_config.5	Thu Feb  6 10:01:20 2014
-+++ new/ssh_config.5	Thu Mar 27 16:37:50 2014
[email protected]@ -35,7 +35,7 @@
- .\"
- .\" $OpenBSD: ssh_config.5,v 1.184 2014/01/19 04:48:08 djm Exp $
- .Dd $Mdocdate: January 19 2014 $
--.Dt SSH_CONFIG 5
-+.Dt SSH_CONFIG 4
- .Os
- .Sh NAME
- .Nm ssh_config
[email protected]@ -503,7 +503,7 @@
- .Dq Fl O No exit
- option).
- If set to a time in seconds, or a time in any of the formats documented in
--.Xr sshd_config 5 ,
-+.Xr sshd_config 4 ,
- then the backgrounded master connection will automatically terminate
- after it has remained idle (with no client connections) for the
- specified time.
[email protected]@ -622,7 +622,7 @@
- Specify a timeout for untrusted X11 forwarding
- using the format described in the
- TIME FORMATS section of
--.Xr sshd_config 5 .
-+.Xr sshd_config 4 .
- X11 connections received by
- .Xr ssh 1
- after this time will be refused.
[email protected]@ -689,7 +689,7 @@
- These hashed names may be used normally by
- .Xr ssh 1
- and
--.Xr sshd 8 ,
-+.Xr sshd 1M ,
- but they do not reveal identifying information should the file's contents
- be disclosed.
- The default is
[email protected]@ -1122,7 +1122,7 @@
- The optional second value is specified in seconds and may use any of the
- units documented in the
- TIME FORMATS section of
--.Xr sshd_config 5 .
-+.Xr sshd_config 4 .
- The default value for
- .Cm RekeyLimit
- is
[email protected]@ -1166,7 +1166,7 @@
- will only succeed if the server's
- .Cm GatewayPorts
- option is enabled (see
--.Xr sshd_config 5 ) .
-+.Xr sshd_config 4 ) .
- .It Cm RequestTTY
- Specifies whether to request a pseudo-tty for the session.
- The argument may be one of:
[email protected]@ -1218,7 +1218,7 @@
- Refer to
- .Cm AcceptEnv
- in
--.Xr sshd_config 5
-+.Xr sshd_config 4
- for how to configure the server.
- Variables are specified by name, which may contain wildcard characters.
- Multiple environment variables may be separated by whitespace or spread
---- orig/ssh-keysign.8	Thu Feb  6 10:01:20 2014
-+++ new/ssh-keysign.8	Thu Feb  6 10:13:05 2014
+diff -pur old/ssh-keysign.8 new/ssh-keysign.8
+--- old/ssh-keysign.8	2015-03-17 06:49:20.000000000 +0100
++++ new/ssh-keysign.8	2015-03-28 05:37:09.206625270 +0100
 @@ -23,7 +23,7 @@
  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  .\"
@@ -190,7 +128,7 @@
  .Os
  .Sh NAME
  .Nm ssh-keysign
[email protected]@ -52,7 +52,7 @@
[email protected]@ -52,7 +52,7 @@ is not intended to be invoked by the use
  See
  .Xr ssh 1
  and
@@ -199,7 +137,7 @@
  for more information about host-based authentication.
  .Sh FILES
  .Bl -tag -width Ds -compact
[email protected]@ -83,8 +83,8 @@
[email protected]@ -83,8 +83,8 @@ information corresponding with the priva
  .Sh SEE ALSO
  .Xr ssh 1 ,
  .Xr ssh-keygen 1 ,
@@ -210,8 +148,9 @@
  .Sh HISTORY
  .Nm
  first appeared in
---- orig/ssh-pkcs11-helper.8	Thu Feb  6 10:01:20 2014
-+++ new/ssh-pkcs11-helper.8	Thu Feb  6 10:14:40 2014
+diff -pur old/ssh-pkcs11-helper.8 new/ssh-pkcs11-helper.8
+--- old/ssh-pkcs11-helper.8	2015-03-17 06:49:20.000000000 +0100
++++ new/ssh-pkcs11-helper.8	2015-03-28 05:37:09.206699277 +0100
 @@ -15,7 +15,7 @@
  .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  .\"
@@ -221,12 +160,178 @@
  .Os
  .Sh NAME
  .Nm ssh-pkcs11-helper
---- orig/sshd_config.5	Thu Feb  6 10:01:20 2014
-+++ new/sshd_config.5	Thu Feb  6 10:17:21 2014
+diff -pur old/ssh_config.5 new/ssh_config.5
+--- old/ssh_config.5	2015-03-17 06:49:20.000000000 +0100
++++ new/ssh_config.5	2015-03-28 05:39:45.895250783 +0100
[email protected]@ -35,7 +35,7 @@
+ .\"
+ .\" $OpenBSD: ssh_config.5,v 1.205 2015/02/20 22:17:21 djm Exp $
+ .Dd $Mdocdate: February 20 2015 $
+-.Dt SSH_CONFIG 5
++.Dt SSH_CONFIG 4
+ .Os
+ .Sh NAME
+ .Nm ssh_config
[email protected]@ -562,7 +562,7 @@ then the master connection will remain i
+ .Dq Fl O No exit
+ option).
+ If set to a time in seconds, or a time in any of the formats documented in
+-.Xr sshd_config 5 ,
++.Xr sshd_config 4 ,
+ then the backgrounded master connection will automatically terminate
+ after it has remained idle (with no client connections) for the
+ specified time.
[email protected]@ -689,7 +689,7 @@ option is also enabled.
+ Specify a timeout for untrusted X11 forwarding
+ using the format described in the
+ TIME FORMATS section of
+-.Xr sshd_config 5 .
++.Xr sshd_config 4 .
+ X11 connections received by
+ .Xr ssh 1
+ after this time will be refused.
[email protected]@ -756,7 +756,7 @@ should hash host names and addresses whe
+ These hashed names may be used normally by
+ .Xr ssh 1
+ and
+-.Xr sshd 8 ,
++.Xr sshd 1M ,
+ but they do not reveal identifying information should the file's contents
+ be disclosed.
+ The default is
[email protected]@ -1233,7 +1233,7 @@ depending on the cipher.
+ The optional second value is specified in seconds and may use any of the
+ units documented in the
+ TIME FORMATS section of
+-.Xr sshd_config 5 .
++.Xr sshd_config 4 .
+ The default value for
+ .Cm RekeyLimit
+ is
[email protected]@ -1277,7 +1277,7 @@ Specifying a remote
+ will only succeed if the server's
+ .Cm GatewayPorts
+ option is enabled (see
+-.Xr sshd_config 5 ) .
++.Xr sshd_config 4 ) .
+ .It Cm RequestTTY
+ Specifies whether to request a pseudo-tty for the session.
+ The argument may be one of:
[email protected]@ -1339,7 +1339,7 @@ accept these environment variables.
+ Refer to
+ .Cm AcceptEnv
+ in
+-.Xr sshd_config 5
++.Xr sshd_config 4
+ for how to configure the server.
+ Variables are specified by name, which may contain wildcard characters.
+ Multiple environment variables may be separated by whitespace or spread
+diff -pur old/sshd.8 new/sshd.8
+--- old/sshd.8	2015-03-17 06:49:20.000000000 +0100
++++ new/sshd.8	2015-03-28 05:41:50.762749417 +0100
 @@ -35,7 +35,7 @@
  .\"
- .\" $OpenBSD: sshd_config.5,v 1.170 2013/12/08 09:53:27 dtucker Exp $
- .Dd $Mdocdate: December 8 2013 $
+ .\" $OpenBSD: sshd.8,v 1.278 2014/11/15 14:41:03 bentley Exp $
+ .Dd $Mdocdate: November 15 2014 $
+-.Dt SSHD 8
++.Dt SSHD 1M
+ .Os
+ .Sh NAME
+ .Nm sshd
[email protected]@ -77,7 +77,7 @@ and data exchange.
+ .Nm
+ can be configured using command-line options or a configuration file
+ (by default
+-.Xr sshd_config 5 ) ;
++.Xr sshd_config 4 ) ;
+ command-line options override values specified in the
+ configuration file.
+ .Nm
[email protected]@ -207,7 +207,7 @@ Can be used to give options in the forma
+ This is useful for specifying options for which there is no separate
+ command-line flag.
+ For full details of the options, and their values, see
+-.Xr sshd_config 5 .
++.Xr sshd_config 4 .
+ .It Fl p Ar port
+ Specifies the port on which the server listens for connections
+ (default 22).
[email protected]@ -277,7 +277,7 @@ The default is to use protocol 2 only,
+ though this can be changed via the
+ .Cm Protocol
+ option in
+-.Xr sshd_config 5 .
++.Xr sshd_config 4 .
+ Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
+ protocol 1 only supports RSA keys.
+ For both protocols,
[email protected]@ -402,7 +402,7 @@ if it exists, and users are allowed to c
+ See the
+ .Cm PermitUserEnvironment
+ option in
+-.Xr sshd_config 5 .
++.Xr sshd_config 4 .
+ .It
+ Changes to user's home directory.
+ .It
[email protected]@ -550,7 +550,7 @@ The command originally supplied by the c
+ environment variable.
+ Note that this option applies to shell, command or subsystem execution.
+ Also note that this command may be superseded by either a
+-.Xr sshd_config 5
++.Xr sshd_config 4
+ .Cm ForceCommand
+ directive or a command embedded in a certificate.
+ .It Cm environment="NAME=value"
[email protected]@ -571,7 +571,7 @@ Specifies that in addition to public key
+ name of the remote host or its IP address must be present in the
+ comma-separated list of patterns.
+ See PATTERNS in
+-.Xr ssh_config 5
++.Xr ssh_config 4
+ for more information on patterns.
+ .Pp
+ In addition to the wildcard matching that may be applied to hostnames or
[email protected]@ -859,7 +859,7 @@ It should only be writable by root.
+ .It Pa /etc/moduli
+ Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
+ The file format is described in
+-.Xr moduli 5 .
++.Xr moduli 4 .
+ .Pp
+ .It Pa /etc/motd
+ See
[email protected]@ -920,7 +920,7 @@ should be world-readable.
+ Contains configuration data for
+ .Nm sshd .
+ The file format and configuration options are described in
+-.Xr sshd_config 5 .
++.Xr sshd_config 4 .
+ .Pp
+ .It Pa /etc/ssh/sshrc
+ Similar to
[email protected]@ -955,10 +955,10 @@ The content of this file is not sensitiv
+ .Xr ssh-keyscan 1 ,
+ .Xr chroot 2 ,
+ .Xr login.conf 5 ,
+-.Xr moduli 5 ,
+-.Xr sshd_config 5 ,
+-.Xr inetd 8 ,
+-.Xr sftp-server 8
++.Xr moduli 4 ,
++.Xr sshd_config 4 ,
++.Xr inetd 1M ,
++.Xr sftp-server 1M
+ .Sh AUTHORS
+ OpenSSH is a derivative of the original and free
+ ssh 1.2.12 release by Tatu Ylonen.
+diff -pur old/sshd_config.5 new/sshd_config.5
+--- old/sshd_config.5	2015-03-28 05:37:09.175994877 +0100
++++ new/sshd_config.5	2015-03-28 05:42:07.245709990 +0100
[email protected]@ -35,7 +35,7 @@
+ .\"
+ .\" $OpenBSD: sshd_config.5,v 1.194 2015/02/20 23:46:01 djm Exp $
+ .Dd $Mdocdate: February 20 2015 $
 -.Dt SSHD_CONFIG 5
 +.Dt SSHD_CONFIG 4
  .Os
@@ -241,7 +346,7 @@
  reads configuration data from
  .Pa /etc/ssh/sshd_config
  (or the file specified with
[email protected]@ -68,7 +68,7 @@
[email protected]@ -68,7 +68,7 @@ the session's
  See
  .Cm SendEnv
  in
@@ -250,7 +355,7 @@
  for how to configure the client.
  Note that environment passing is only supported for protocol 2.
  Variables are specified by name, which may contain the wildcard characters
[email protected]@ -85,7 +85,7 @@
[email protected]@ -85,7 +85,7 @@ For this reason, care should be taken in
  The default is not to accept any environment variables.
  .It Cm AddressFamily
  Specifies which address family should be used by
@@ -259,7 +364,7 @@
  Valid arguments are
  .Dq any ,
  .Dq inet
[email protected]@ -118,7 +118,7 @@
[email protected]@ -118,7 +118,7 @@ and finally
  .Cm AllowGroups .
  .Pp
  See PATTERNS in
@@ -268,7 +373,7 @@
  for more information on patterns.
  .It Cm AllowTcpForwarding
  Specifies whether TCP forwarding is permitted.
[email protected]@ -158,7 +158,7 @@
[email protected]@ -178,7 +178,7 @@ and finally
  .Cm AllowGroups .
  .Pp
  See PATTERNS in
@@ -277,7 +382,7 @@
  for more information on patterns.
  .It Cm AuthenticationMethods
  Specifies the authentication methods that must be successfully completed
[email protected]@ -202,7 +202,7 @@
[email protected]@ -234,7 +234,7 @@ The program must be owned by root and no
  It will be invoked with a single argument of the username
  being authenticated, and should produce on standard output zero or
  more lines of authorized_keys output (see AUTHORIZED_KEYS in
@@ -286,7 +391,7 @@
  If a key supplied by AuthorizedKeysCommand does not successfully authenticate
  and authorize the user then public key authentication continues using the usual
  .Cm AuthorizedKeysFile
[email protected]@ -218,7 +218,7 @@
[email protected]@ -257,7 +257,7 @@ for user authentication.
  The format is described in the
  AUTHORIZED_KEYS FILE FORMAT
  section of
@@ -295,7 +400,7 @@
  .Cm AuthorizedKeysFile
  may contain tokens of the form %T which are substituted during connection
  setup.
[email protected]@ -241,7 +241,7 @@
[email protected]@ -280,7 +280,7 @@ this file lists names, one of which must
  to be accepted for authentication.
  Names are listed one per line preceded by key options (as described
  in AUTHORIZED_KEYS FILE FORMAT in
@@ -304,7 +409,7 @@
  Empty lines and comments starting with
  .Ql #
  are ignored.
[email protected]@ -271,7 +271,7 @@
[email protected]@ -310,7 +310,7 @@ and is not consulted for certification a
  though the
  .Cm principals=
  key option offers a similar facility (see
@@ -313,16 +418,16 @@
  for details).
  .It Cm Banner
  The contents of the specified file are sent to the remote user before
[email protected]@ -294,7 +294,7 @@
- All components of the pathname must be root-owned directories that are
- not writable by any other user or group.
[email protected]@ -335,7 +335,7 @@ At session startup
+ checks that all components of the pathname are root-owned directories
+ which are not writable by any other user or group.
  After the chroot,
 -.Xr sshd 8
 +.Xr sshd 1M
  changes the working directory to the user's home directory.
  .Pp
  The pathname may contain the following tokens that are expanded at runtime once
[email protected]@ -370,7 +370,7 @@
[email protected]@ -433,7 +433,7 @@ with an argument of
  .It Cm ClientAliveCountMax
  Sets the number of client alive messages (see below) which may be
  sent without
@@ -331,7 +436,7 @@
  receiving any messages back from the client.
  If this threshold is reached while client alive messages are being sent,
  sshd will disconnect the client, terminating the session.
[email protected]@ -397,7 +397,7 @@
[email protected]@ -460,7 +460,7 @@ This option applies to protocol version 
  .It Cm ClientAliveInterval
  Sets a timeout interval in seconds after which if no data has been received
  from the client,
@@ -340,7 +445,7 @@
  will send a message through the encrypted
  channel to request a response from the client.
  The default
[email protected]@ -428,7 +428,7 @@
[email protected]@ -491,7 +491,7 @@ and finally
  .Cm AllowGroups .
  .Pp
  See PATTERNS in
@@ -349,16 +454,16 @@
  for more information on patterns.
  .It Cm DenyUsers
  This keyword can be followed by a list of user name patterns, separated
[email protected]@ -447,7 +447,7 @@
[email protected]@ -510,7 +510,7 @@ and finally
  .Cm AllowGroups .
  .Pp
  See PATTERNS in
 -.Xr ssh_config 5
 +.Xr ssh_config 4
  for more information on patterns.
- .It Cm ForceCommand
- Forces the execution of the command specified by
[email protected]@ -472,7 +472,7 @@
+ .It Cm FingerprintHash
+ Specifies the hash algorithm used when logging key fingerprints.
[email protected]@ -543,7 +543,7 @@ files when used with
  Specifies whether remote hosts are allowed to connect to ports
  forwarded for the client.
  By default,
@@ -367,7 +472,7 @@
  binds remote port forwardings to the loopback address.
  This prevents other remote hosts from connecting to forwarded ports.
  .Cm GatewayPorts
[email protected]@ -520,7 +520,7 @@
[email protected]@ -602,7 +602,7 @@ files during
  A setting of
  .Dq yes
  means that
@@ -376,7 +481,7 @@
  uses the name supplied by the client rather than
  attempting to resolve the name from the TCP connection itself.
  The default is
[email protected]@ -531,7 +531,7 @@
[email protected]@ -613,7 +613,7 @@ The certificate's public key must match 
  by
  .Cm HostKey .
  The default behaviour of
@@ -385,7 +490,7 @@
  is not to load any certificates.
  .It Cm HostKey
  Specifies a file containing a private host key
[email protected]@ -546,7 +546,7 @@
[email protected]@ -628,7 +628,7 @@ and
  .Pa /etc/ssh/ssh_host_rsa_key
  for protocol version 2.
  Note that
@@ -394,7 +499,7 @@
  will refuse to use a file if it is group/world-accessible.
  It is possible to have multiple host key files.
  .Dq rsa1
[email protected]@ -587,7 +587,7 @@
[email protected]@ -669,7 +669,7 @@ The default is
  .Dq yes .
  .It Cm IgnoreUserKnownHosts
  Specifies whether
@@ -403,7 +508,7 @@
  should ignore the user's
  .Pa ~/.ssh/known_hosts
  during
[email protected]@ -681,7 +681,7 @@
[email protected]@ -800,7 +800,7 @@ If the value is 0, the key is never rege
  The default is 3600 (seconds).
  .It Cm ListenAddress
  Specifies the local addresses
@@ -412,7 +517,7 @@
  should listen on.
  The following forms may be used:
  .Pp
[email protected]@ -724,7 +724,7 @@
[email protected]@ -843,7 +843,7 @@ If the value is 0, there is no time limi
  The default is 120 seconds.
  .It Cm LogLevel
  Gives the verbosity level that is used when logging messages from
@@ -421,7 +526,7 @@
  The possible values are:
  QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
  The default is INFO.
[email protected]@ -776,7 +776,7 @@
[email protected]@ -943,7 +943,7 @@ and
  The match patterns may consist of single entries or comma-separated
  lists and may use the wildcard and negation operators described in the
  PATTERNS section of
@@ -430,7 +535,7 @@
  .Pp
  The patterns in an
  .Cm Address
[email protected]@ -856,7 +856,7 @@
[email protected]@ -1032,7 +1032,7 @@ Alternatively, random early drop can be 
  the three colon separated values
  .Dq start:rate:full
  (e.g. "10:30:60").
@@ -439,7 +544,7 @@
  will refuse connection attempts with a probability of
  .Dq rate/100
  (30%)
[email protected]@ -969,7 +969,7 @@
[email protected]@ -1149,7 +1149,7 @@ and
  options in
  .Pa ~/.ssh/authorized_keys
  are processed by
@@ -448,7 +553,7 @@
  The default is
  .Dq no .
  Enabling environment processing may enable users to bypass access
[email protected]@ -982,7 +982,7 @@
[email protected]@ -1168,7 +1168,7 @@ The default is
  .Pa /var/run/sshd.pid .
  .It Cm Port
  Specifies the port number that
@@ -457,7 +562,7 @@
  listens on.
  The default is 22.
  Multiple options of this type are permitted.
[email protected]@ -990,7 +990,7 @@
[email protected]@ -1176,14 +1176,14 @@ See also
  .Cm ListenAddress .
  .It Cm PrintLastLog
  Specifies whether
@@ -465,9 +570,8 @@
 +.Xr sshd 1M
  should print the date and time of the last user login when a user logs
  in interactively.
- The default is
[email protected]@ -997,7 +997,7 @@
- .Dq yes .
+ On Solaris this option is always ignored since pam_unix_session(5)
+ reports the last login time.
  .It Cm PrintMotd
  Specifies whether
 -.Xr sshd 8
@@ -475,7 +579,7 @@
  should print
  .Pa /etc/motd
  when a user logs in interactively.
[email protected]@ -1008,7 +1008,7 @@
[email protected]@ -1194,7 +1194,7 @@ The default is
  .Dq yes .
  .It Cm Protocol
  Specifies the protocol versions
@@ -484,8 +588,8 @@
  supports.
  The possible values are
  .Sq 1
[email protected]@ -1081,7 +1081,7 @@
- The minimum value is 512, and the default is 1024.
[email protected]@ -1305,7 +1305,7 @@ The default is
+ .Dq no .
  .It Cm StrictModes
  Specifies whether
 -.Xr sshd 8
@@ -493,7 +597,7 @@
  should check file modes and ownership of the
  user's files and home directory before accepting login.
  This is normally desirable because novices sometimes accidentally leave their
[email protected]@ -1115,7 +1115,7 @@
[email protected]@ -1339,7 +1339,7 @@ By default no subsystems are defined.
  Note that this option applies to protocol version 2 only.
  .It Cm SyslogFacility
  Gives the facility code that is used when logging messages from
@@ -502,7 +606,7 @@
  The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
  LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
  The default is AUTH.
[email protected]@ -1156,7 +1156,7 @@
[email protected]@ -1380,7 +1380,7 @@ For more details on certificates, see th
  .Xr ssh-keygen 1 .
  .It Cm UseDNS
  Specifies whether
@@ -511,7 +615,7 @@
  should look up the remote host name and check that
  the resolved host name for the remote IP address maps back to the
  very same IP address.
[email protected]@ -1201,13 +1201,13 @@
[email protected]@ -1425,13 +1425,13 @@ or
  If
  .Cm UsePAM
  is enabled, you will not be able to run
@@ -527,7 +631,7 @@
  separates privileges by creating an unprivileged child process
  to deal with incoming network traffic.
  After successful authentication, another process will be created that has
[email protected]@ -1229,7 +1229,7 @@
[email protected]@ -1453,7 +1453,7 @@ The default is
  .Dq none .
  .It Cm X11DisplayOffset
  Specifies the first display number available for
@@ -536,7 +640,7 @@
  X11 forwarding.
  This prevents sshd from interfering with real X11 servers.
  The default is 10.
[email protected]@ -1244,7 +1244,7 @@
[email protected]@ -1468,7 +1468,7 @@ The default is
  .Pp
  When X11 forwarding is enabled, there may be additional exposure to
  the server and to client displays if the
@@ -545,7 +649,7 @@
  proxy display is configured to listen on the wildcard address (see
  .Cm X11UseLocalhost
  below), though this is not the default.
[email protected]@ -1255,7 +1255,7 @@
[email protected]@ -1479,7 +1479,7 @@ display server may be exposed to attack 
  forwarding (see the warnings for
  .Cm ForwardX11
  in
@@ -554,7 +658,7 @@
  A system administrator may have a stance in which they want to
  protect clients that may expose themselves to attack by unwittingly
  requesting X11 forwarding, which can warrant a
[email protected]@ -1269,7 +1269,7 @@
[email protected]@ -1493,7 +1493,7 @@ X11 forwarding is automatically disabled
  is enabled.
  .It Cm X11UseLocalhost
  Specifies whether
@@ -563,7 +667,7 @@
  should bind the X11 forwarding server to the loopback address or to
  the wildcard address.
  By default,
[email protected]@ -1300,7 +1300,7 @@
[email protected]@ -1524,7 +1524,7 @@ The default is
  .Pa /usr/X11R6/bin/xauth .
  .El
  .Sh TIME FORMATS
@@ -572,7 +676,7 @@
  command-line arguments and configuration file options that specify time
  may be expressed using a sequence of the form:
  .Sm off
[email protected]@ -1344,12 +1344,12 @@
[email protected]@ -1568,12 +1568,12 @@ Time format examples:
  .Bl -tag -width Ds
  .It Pa /etc/ssh/sshd_config
  Contains configuration data for
@@ -587,102 +691,3 @@
  .Xr pam_unix_session 5
  .Sh AUTHORS
  OpenSSH is a derivative of the original and free
- ssh 1.2.12 release by Tatu Ylonen.
---- orig/sshd.8	Thu Feb  6 10:01:20 2014
-+++ new/sshd.8	Thu Feb  6 10:22:35 2014
[email protected]@ -35,7 +35,7 @@
- .\"
- .\" $OpenBSD: sshd.8,v 1.273 2013/12/07 11:58:46 naddy Exp $
- .Dd $Mdocdate: December 7 2013 $
--.Dt SSHD 8
-+.Dt SSHD 1M
- .Os
- .Sh NAME
- .Nm sshd
[email protected]@ -80,7 +80,7 @@
- .Nm
- can be configured using command-line options or a configuration file
- (by default
--.Xr sshd_config 5 ) ;
-+.Xr sshd_config 4 ) ;
- command-line options override values specified in the
- configuration file.
- .Nm
[email protected]@ -210,7 +210,7 @@
- This is useful for specifying options for which there is no separate
- command-line flag.
- For full details of the options, and their values, see
--.Xr sshd_config 5 .
-+.Xr sshd_config 4 .
- .It Fl p Ar port
- Specifies the port on which the server listens for connections
- (default 22).
[email protected]@ -280,7 +280,7 @@
- though this can be changed via the
- .Cm Protocol
- option in
--.Xr sshd_config 5 .
-+.Xr sshd_config 4 .
- Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys;
- protocol 1 only supports RSA keys.
- For both protocols,
[email protected]@ -405,7 +405,7 @@
- See the
- .Cm PermitUserEnvironment
- option in
--.Xr sshd_config 5 .
-+.Xr sshd_config 4 .
- .It
- Changes to user's home directory.
- .It
[email protected]@ -550,7 +550,7 @@
- environment variable.
- Note that this option applies to shell, command or subsystem execution.
- Also note that this command may be superseded by either a
--.Xr sshd_config 5
-+.Xr sshd_config 4
- .Cm ForceCommand
- directive or a command embedded in a certificate.
- .It Cm environment="NAME=value"
[email protected]@ -571,7 +571,7 @@
- name of the remote host or its IP address must be present in the
- comma-separated list of patterns.
- See PATTERNS in
--.Xr ssh_config 5
-+.Xr ssh_config 4
- for more information on patterns.
- .Pp
- In addition to the wildcard matching that may be applied to hostnames or
[email protected]@ -865,7 +865,7 @@
- .It Pa /etc/moduli
- Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
- The file format is described in
--.Xr moduli 5 .
-+.Xr moduli 4 .
- .Pp
- .It Pa /etc/motd
- See
[email protected]@ -926,7 +926,7 @@
- Contains configuration data for
- .Nm sshd .
- The file format and configuration options are described in
--.Xr sshd_config 5 .
-+.Xr sshd_config 4 .
- .Pp
- .It Pa /etc/ssh/sshrc
- Similar to
[email protected]@ -962,10 +962,10 @@
- .Xr chroot 2 ,
- .Xr hosts_access 5 ,
- .Xr login.conf 5 ,
--.Xr moduli 5 ,
--.Xr sshd_config 5 ,
--.Xr inetd 8 ,
--.Xr sftp-server 8
-+.Xr moduli 4 ,
-+.Xr sshd_config 4 ,
-+.Xr inetd 1M ,
-+.Xr sftp-server 1M
- .Sh AUTHORS
- OpenSSH is a derivative of the original and free
- ssh 1.2.12 release by Tatu Ylonen.
--- a/components/openssh/patches/011-useprivilegedport_regression.patch	Wed Jun 17 14:55:22 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,62 +0,0 @@
-#
-# This is to fix a regression in OpenSSH6.5p1 for UsePrivilegedPort=yes. The
-# bug fix code came from OpenSSH.org.  When we upgrade OpenSSH to version 6.6
-# or later, we will remove this patch file.
-#
---- orig/sshconnect.c	Mon Feb 10 13:56:07 2014
-+++ new/sshconnect.c	Mon Feb 10 17:10:54 2014
[email protected]@ -269,7 +269,7 @@
- ssh_create_socket(int privileged, struct addrinfo *ai)
- {
- 	int sock, r, gaierr;
--	struct addrinfo hints, *res;
-+	struct addrinfo hints, *res = NULL;
- 
- 	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
- 	if (sock < 0) {
[email protected]@ -282,17 +282,19 @@
- 	if (options.bind_address == NULL && !privileged)
- 		return sock;
- 
--	memset(&hints, 0, sizeof(hints));
--	hints.ai_family = ai->ai_family;
--	hints.ai_socktype = ai->ai_socktype;
--	hints.ai_protocol = ai->ai_protocol;
--	hints.ai_flags = AI_PASSIVE;
--	gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
--	if (gaierr) {
-+	if (options.bind_address) {
-+            memset(&hints, 0, sizeof(hints));
-+	    hints.ai_family = ai->ai_family;
-+	    hints.ai_socktype = ai->ai_socktype;
-+	    hints.ai_protocol = ai->ai_protocol;
-+	    hints.ai_flags = AI_PASSIVE;
-+	    gaierr = getaddrinfo(options.bind_address, NULL, &hints, &res);
-+	    if (gaierr) {
- 		error("getaddrinfo: %s: %s", options.bind_address,
- 		    ssh_gai_strerror(gaierr));
- 		close(sock);
- 		return -1;
-+	    }
- 	}
- 	/*
- 	 * If we are running as root and want to connect to a privileged
[email protected]@ -300,7 +302,7 @@
- 	 */
- 	if (privileged) {
- 		PRIV_START;
--		r = bindresvport_sa(sock, res->ai_addr);
-+		r = bindresvport_sa(sock, res ? res->ai_addr : NULL);
- 		PRIV_END;
- 		if (r < 0) {
- 			error("bindresvport_sa: af=%d %s", ai->ai_family,
[email protected]@ -317,7 +319,8 @@
- 			return -1;
- 		}
- 	}
--	freeaddrinfo(res);
-+        if (res != NULL)
-+	        freeaddrinfo(res);
- 	return sock;
- }
- 
--- a/components/openssh/patches/012-acceptenv.patch	Wed Jun 17 14:55:22 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,33 +0,0 @@
-#
-# This is to fix a security bug (CVE-2014-2532) when using environment passing
-# with a sshd_config(5) AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6
-# could be tricked into accepting any enviornment variable that contains the
-# characters before the wildcard character.  The bug fix code came from 
-# OpenSSH.org.  When we upgrade OpenSSH to version 6.6 or later, we will remove
-# this patch file.
-#
---- orig/session.c	Tue Mar 18 18:37:57 2014
-+++ new/session.c	Tue Mar 18 18:41:17 2014
[email protected]@ -978,6 +978,11 @@
- 	u_int envsize;
- 	u_int i, namelen;
- 
-+	if (strchr(name, '=') != NULL) {
-+	        error("Invalid environment variable \"%.100s\"", name);
-+                return;
-+	}
-+
- 	/*
- 	 * If we're passed an uninitialized list, allocate a single null
- 	 * entry before continuing.
[email protected]@ -2225,8 +2230,8 @@
- 	char *name, *val;
- 	u_int name_len, val_len, i;
- 
--	name = packet_get_string(&name_len);
--	val = packet_get_string(&val_len);
-+	name = packet_get_cstring(&name_len);
-+	val = packet_get_cstring(&val_len);
- 	packet_check_eom();
- 
- 	/* Don't set too many environment variables */
--- a/components/openssh/patches/013-dtrace_sftp.patch	Wed Jun 17 14:55:22 2015 -0700
+++ b/components/openssh/patches/013-dtrace_sftp.patch	Thu Jun 18 07:01:42 2015 -0700
@@ -4,9 +4,10 @@
 # Because this is Solaris-specific and not suitable for upstream, we will not
 # contribute the changes to the upstream community.
 #
---- orig/Makefile.in	Wed Apr 16 17:10:03 2014
-+++ new/Makefile.in	Wed Apr 23 11:00:05 2014
[email protected]@ -26,6 +26,7 @@
+diff -pur old/Makefile.in new/Makefile.in
+--- old/Makefile.in	2015-03-28 14:10:39.426859283 +0100
++++ new/Makefile.in	2015-03-28 14:16:12.472203388 +0100
[email protected]@ -26,6 +26,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas
  SFTP_SERVER=$(libexecdir)/sftp-server
  SSH_KEYSIGN=$(libexecdir)/ssh-keysign
  SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
@@ -14,17 +15,15 @@
  [email protected][email protected]
  [email protected][email protected]
  [email protected][email protected]
[email protected]@ -76,7 +76,8 @@
- 	jpake.o schnorr.o ssh-pkcs11.o krl.o smult_curve25519_ref.o \
- 	kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \
- 	ssh-ed25519.o digest.o \
--	sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o
-+	sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o \
-+	sftp_provider.o
- 
- SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
- 	sshconnect.o sshconnect1.o sshconnect2.o mux.o \
[email protected]@ -96,7 +97,7 @@
[email protected]@ -85,6 +86,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
+ 	atomicio.o key.o dispatch.o mac.o uidswap.o uuencode.o misc.o \
+ 	monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
+ 	msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
++	sftp_provider.o \
+ 	ssh-pkcs11.o smult_curve25519_ref.o \
+ 	poly1305.o chacha.o cipher-chachapoly.o \
+ 	ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \
[email protected]@ -110,7 +112,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
  	sftp-server.o sftp-common.o \
  	roaming_common.o roaming_serv.o \
  	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
@@ -33,7 +32,7 @@
  
  MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
  MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
[email protected]@ -173,8 +174,8 @@
[email protected]@ -187,8 +189,8 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
  ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
  	$(LD) -o [email protected] ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
  
@@ -44,7 +43,7 @@
  
  sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
  	$(LD) -o [email protected] progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
[email protected]@ -211,9 +212,18 @@
[email protected]@ -225,9 +227,18 @@ umac128.o:	umac.c
  	    -Dumac_update=umac128_update -Dumac_final=umac128_final \
  	    -Dumac_delete=umac128_delete
  
@@ -55,16 +54,16 @@
 +
 +sftp_provider.o: sftp_provider.d sftp_provider.h sftp-server.o
 +	/usr/sbin/dtrace -G -64 -xnolibs -s $(srcdir)/sftp_provider.d \
-+            sftp-server.o -o sftp_provider.o
++	    sftp-server.o -o sftp_provider.o
 +
  clean:	regressclean
  	rm -f *.o *.a $(TARGETS) logintest config.cache config.log
 -	rm -f *.out core survey
 +	rm -f *.out core survey sftp_provider.h
- 	(cd openbsd-compat && $(MAKE) clean)
- 
- distclean:	regressclean
[email protected]@ -313,6 +314,7 @@
+ 	rm -f regress/unittests/test_helper/*.a
+ 	rm -f regress/unittests/test_helper/*.o
+ 	rm -f regress/unittests/sshbuf/*.o
[email protected]@ -340,6 +351,7 @@ install-files:
  	ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
  	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
  	ln -s ./ssh.1 $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
@@ -72,9 +71,10 @@
  
  install-sysconf:
  	if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
---- orig/sftp-server.c	Wed Apr 16 18:44:37 2014
-+++ new/sftp-server.c	Thu Apr 17 11:53:54 2014
[email protected]@ -51,6 +51,9 @@
+diff -pur old/sftp-server.c new/sftp-server.c
+--- old/sftp-server.c	2015-03-17 06:49:20.000000000 +0100
++++ new/sftp-server.c	2015-03-28 14:27:55.661510029 +0100
[email protected]@ -55,6 +55,9 @@
  
  #include "sftp.h"
  #include "sftp-common.h"
@@ -82,34 +82,29 @@
 +#include "sftp_provider_impl.h"
 +#endif
  
- /* helper */
- #define get_int64()			buffer_get_int64(&iqueue);
[email protected]@ -721,13 +724,24 @@
+ /* Our verbosity */
+ static LogLevel log_level = SYSLOG_LEVEL_ERROR;
[email protected]@ -741,14 +744,17 @@ process_read(u_int32_t id)
  	u_int32_t len;
- 	int handle, fd, ret, status = SSH2_FX_FAILURE;
+ 	int r, handle, fd, ret, status = SSH2_FX_FAILURE;
  	u_int64_t off;
-+#ifdef DTRACE_SFTP
 +	char *fpath;
-+#endif
  
- 	handle = get_handle();
- 	off = get_int64();
- 	len = get_int();
-+#ifdef DTRACE_SFTP
-+	fpath = handle_to_name(handle);
-+#endif
+ 	if ((r = get_handle(iqueue, &handle)) != 0 ||
+ 	    (r = sshbuf_get_u64(iqueue, &off)) != 0 ||
+ 	    (r = sshbuf_get_u32(iqueue, &len)) != 0)
+ 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
  
-+#ifdef DTRACE_SFTP
- 	debug("request %u: read \"%s\" (handle %d) off %llu len %d",
+-	debug("request %u: read \"%s\" (handle %d) off %llu len %d",
+-	    id, handle_to_name(handle), handle, (unsigned long long)off, len);
++	fpath = handle_to_name(handle);
++ 
++ 	debug("request %u: read \"%s\" (handle %d) off %llu len %d",
 +	    id, fpath, handle, (unsigned long long)off, len);
-+#else
-+	debug("request %u: read \"%s\" (handle %d) off %llu len %d",
- 	    id, handle_to_name(handle), handle, (unsigned long long)off, len);
-+#endif
  	if (len > sizeof buf) {
  		len = sizeof buf;
  		debug2("read change len %d", len);
[email protected]@ -738,7 +752,13 @@
[email protected]@ -759,7 +765,13 @@ process_read(u_int32_t id)
  			error("process_read: seek failed");
  			status = errno_to_portable(errno);
  		} else {
@@ -123,31 +118,25 @@
  			if (ret < 0) {
  				status = errno_to_portable(errno);
  			} else if (ret == 0) {
[email protected]@ -761,13 +781,22 @@
- 	u_int len;
- 	int handle, fd, ret, status;
- 	char *data;
-+#ifdef DTRACE_SFTP
[email protected]@ -782,14 +794,16 @@ process_write(u_int32_t id)
+ 	size_t len;
+ 	int r, handle, fd, ret, status;
+ 	u_char *data;
 +	char *fpath;
-+#endif
  
- 	handle = get_handle();
- 	off = get_int64();
- 	data = get_string(&len);
--
-+#ifdef DTRACE_SFTP
+ 	if ((r = get_handle(iqueue, &handle)) != 0 ||
+ 	    (r = sshbuf_get_u64(iqueue, &off)) != 0 ||
+ 	    (r = sshbuf_get_string(iqueue, &data, &len)) != 0)
+ 		fatal("%s: buffer error: %s", __func__, ssh_err(r));
+ 
 +	fpath = handle_to_name(handle);
- 	debug("request %u: write \"%s\" (handle %d) off %llu len %d",
+ 	debug("request %u: write \"%s\" (handle %d) off %llu len %zu",
+-	    id, handle_to_name(handle), handle, (unsigned long long)off, len);
 +	    id, fpath, handle, (unsigned long long)off, len);
-+#else
-+	debug("request %u: write \"%s\" (handle %d) off %llu len %d",
- 	    id, handle_to_name(handle), handle, (unsigned long long)off, len);
-+#endif
-+
  	fd = handle_to_fd(handle);
- 	
+ 
  	if (fd < 0)
[email protected]@ -779,7 +808,14 @@
[email protected]@ -801,7 +815,14 @@ process_write(u_int32_t id)
  			error("process_write: seek failed");
  		} else {
  /* XXX ATOMICIO ? */
--- a/components/openssh/patches/014-disable_banner.patch	Wed Jun 17 14:55:22 2015 -0700
+++ b/components/openssh/patches/014-disable_banner.patch	Thu Jun 18 07:01:42 2015 -0700
@@ -6,31 +6,30 @@
 # In the future, if this feature is accepted by the upsteam in a later release,
 # we will remove this patch when we upgrade to that release.  
 #
---- orig/readconf.c	Wed May 21 15:04:21 2014
-+++ new/readconf.c	Wed May 28 11:56:04 2014
[email protected]@ -148,7 +148,11 @@
+diff -pur old/readconf.c new/readconf.c
+--- old/readconf.c	2015-03-28 21:57:35.551727235 +0100
++++ new/readconf.c	2015-03-28 22:06:01.694836272 +0100
[email protected]@ -150,6 +150,9 @@ typedef enum {
+ 	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
+ 	oSendEnv, oControlPath, oControlMaster, oControlPersist,
+ 	oHashKnownHosts,
++#ifdef DISABLE_BANNER 
++	oDisableBanner,
++#endif
+ 	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
+ 	oVisualHostKey, oUseRoaming,
  	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass,
- 	oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots,
- 	oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs,
-+#ifdef DISABLE_BANNER
-+	oDisableBanner, oIgnoredUnknownOption, oDeprecated, oUnsupported
-+#else
- 	oIgnoredUnknownOption, oDeprecated, oUnsupported
-+#endif
- } OpCodes;
- 
- /* Textual representations of the tokens. */
[email protected]@ -266,6 +270,9 @@
- 	{ "canonicalizehostname", oCanonicalizeHostname },
- 	{ "canonicalizemaxdots", oCanonicalizeMaxDots },
- 	{ "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs },
[email protected]@ -254,6 +257,9 @@ static struct {
+ 	{ "controlmaster", oControlMaster },
+ 	{ "controlpersist", oControlPersist },
+ 	{ "hashknownhosts", oHashKnownHosts },
 +#ifdef DISABLE_BANNER
 +	{ "disablebanner", oDisableBanner },
 +#endif
- 	{ "ignoreunknown", oIgnoreUnknown },
- 
- 	{ NULL, oBadOption }
[email protected]@ -682,6 +689,17 @@
+ 	{ "tunnel", oTunnel },
+ 	{ "tunneldevice", oTunnelDevice },
+ 	{ "localcommand", oLocalCommand },
[email protected]@ -754,6 +760,17 @@ static const struct multistate multistat
  	{ NULL, -1 }
  };
  
@@ -48,9 +47,9 @@
  /*
   * Processes a single option line as used in the configuration files. This
   * only sets those values that have not already been set.
[email protected]@ -1392,6 +1410,13 @@
- 		intptr = &options->canonicalize_fallback_local;
- 		goto parse_flag;
[email protected]@ -1514,6 +1531,13 @@ parse_int:
+ 			*charptr = xstrdup(arg);
+ 		break;
  
 +#ifdef DISABLE_BANNER
 +	case oDisableBanner:
@@ -62,7 +61,7 @@
  	case oDeprecated:
  		debug("%s line %d: Deprecated option \"%s\"",
  		    filename, linenum, keyword);
[email protected]@ -1554,6 +1579,9 @@
[email protected]@ -1684,6 +1708,9 @@ initialize_options(Options * options)
  	options->ip_qos_bulk = -1;
  	options->request_tty = -1;
  	options->proxy_use_fdpass = -1;
@@ -72,23 +71,22 @@
  	options->ignored_unknown = NULL;
  	options->num_canonical_domains = 0;
  	options->num_permitted_cnames = 0;
[email protected]@ -1721,6 +1749,12 @@
[email protected]@ -1871,6 +1898,10 @@ fill_default_options(Options * options)
  		options->canonicalize_fallback_local = 1;
  	if (options->canonicalize_hostname == -1)
  		options->canonicalize_hostname = SSH_CANONICALISE_NO;
-+
 +#ifdef DISABLE_BANNER
 +	if (options->disable_banner == -1)
 +		options->disable_banner = 0;
 +#endif
-+
- #define CLEAR_ON_NONE(v) \
- 	do { \
- 		if (v != NULL && strcasecmp(v, "none") == 0) { \
---- orig/readconf.h	Wed May 21 15:04:35 2014
-+++ new/readconf.h	Wed May 28 11:08:53 2014
[email protected]@ -155,6 +155,9 @@
- 	struct allowed_cname permitted_cnames[MAX_CANON_DOMAINS];
+ 	if (options->fingerprint_hash == -1)
+ 		options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
+ 	if (options->update_hostkeys == -1)
+diff -pur old/readconf.h new/readconf.h
+--- old/readconf.h	2015-03-17 06:49:20.000000000 +0100
++++ new/readconf.h	2015-03-28 21:57:35.684348892 +0100
[email protected]@ -153,6 +153,9 @@ typedef struct {
+ 	char	*hostbased_key_types;
  
  	char	*ignored_unknown; /* Pattern list of unknown tokens to ignore */
 +#ifdef DISABLE_BANNER
@@ -97,9 +95,9 @@
  }       Options;
  
  #define SSH_CANONICALISE_NO	0
[email protected]@ -175,6 +178,12 @@
- #define SSHCONF_CHECKPERM	1  /* check permissions on config file */
- #define SSHCONF_USERCONF	2  /* user provided config file not system */
[email protected]@ -178,6 +181,12 @@ typedef struct {
+ #define SSH_UPDATE_HOSTKEYS_YES	1
+ #define SSH_UPDATE_HOSTKEYS_ASK	2
  
 +#ifdef DISABLE_BANNER
 +#define SSH_DISABLEBANNER_NO		0
@@ -109,10 +107,11 @@
 +
  void     initialize_options(Options *);
  void     fill_default_options(Options *);
- int	 process_config_line(Options *, struct passwd *, const char *, char *,
---- orig/ssh_config.5	Thu May 22 15:05:04 2014
-+++ new/ssh_config.5	Fri May 23 09:36:52 2014
[email protected]@ -507,6 +507,14 @@
+ void	 fill_default_options_for_canonicalization(Options *);
+diff -pur old/ssh_config.5 new/ssh_config.5
+--- old/ssh_config.5	2015-03-28 21:57:35.544033907 +0100
++++ new/ssh_config.5	2015-03-28 21:57:35.684635985 +0100
[email protected]@ -566,6 +566,14 @@ If set to a time in seconds, or a time i
  then the backgrounded master connection will automatically terminate
  after it has remained idle (with no client connections) for the
  specified time.
@@ -127,9 +126,10 @@
  .It Cm DynamicForward
  Specifies that a TCP port on the local machine be forwarded
  over the secure channel, and the application
---- orig/sshconnect2.c	Wed May 21 15:05:27 2014
-+++ new/sshconnect2.c	Thu May 29 17:33:56 2014
[email protected]@ -82,6 +82,10 @@
+diff -pur old/sshconnect2.c new/sshconnect2.c
+--- old/sshconnect2.c	2015-03-17 06:49:20.000000000 +0100
++++ new/sshconnect2.c	2015-03-28 21:57:35.684940995 +0100
[email protected]@ -81,6 +81,10 @@ extern char *client_version_string;
  extern char *server_version_string;
  extern Options options;
  
@@ -140,7 +140,7 @@
  /*
   * SSH2 key exchange
   */
[email protected]@ -480,7 +484,20 @@
[email protected]@ -480,7 +484,20 @@ input_userauth_banner(int type, u_int32_
  	debug3("input_userauth_banner");
  	raw = packet_get_string(&len);
  	lang = packet_get_string(NULL);
--- a/components/openssh/patches/016-pam_enhancement.patch	Wed Jun 17 14:55:22 2015 -0700
+++ b/components/openssh/patches/016-pam_enhancement.patch	Thu Jun 18 07:01:42 2015 -0700
@@ -9,9 +9,10 @@
 # In the future, if these enhancements are accepted by the upsteam in a 
 # later release, we will remove this patch when we upgrade to that release.
 #
---- orig/auth-pam.c	Mon Jan 26 18:02:09 2015
-+++ new/auth-pam.c	Mon Mar 30 15:24:11 2015
[email protected]@ -617,6 +617,72 @@
+diff -pur old/auth-pam.c new/auth-pam.c
+--- old/auth-pam.c	2015-04-28 06:15:57.335765454 -0700
++++ new/auth-pam.c	2015-04-28 06:15:57.417753483 -0700
[email protected]@ -617,6 +617,72 @@ sshpam_cleanup(void)
  	sshpam_handle = NULL;
  }
  
@@ -84,7 +85,7 @@
  static int
  sshpam_init(Authctxt *authctxt)
  {
[email protected]@ -624,18 +690,71 @@
[email protected]@ -624,18 +690,71 @@ sshpam_init(Authctxt *authctxt)
  	const char *pam_rhost, *pam_user, *user = authctxt->user;
  	const char **ptr_pam_user = &pam_user;
  
@@ -146,31 +147,33 @@
 +#ifdef PAM_ENHANCEMENT
 +        debug3("Starting PAM service %s for user %s method %s", svc, user,
 +            authctxt->authmethod_name);
- 	sshpam_err =
++	sshpam_err =
 +	    pam_start(svc, user, &store_conv, &sshpam_handle);
 +	free(svc);
 +#else /* Original */
-+	sshpam_err =
+ 	sshpam_err =
  	    pam_start(SSHD_PAM_SERVICE, user, &store_conv, &sshpam_handle);
 +#endif
  	sshpam_authctxt = authctxt;
  
  	if (sshpam_err != PAM_SUCCESS) {
---- orig/auth.h	Mon Jan 26 18:02:11 2015
-+++ new/auth.h	Mon Jan 26 18:02:11 2015
[email protected]@ -76,6 +76,9 @@
- #endif
- 	Buffer		*loginmsg;
- 	void		*methoddata;
+diff -pur old/auth.h new/auth.h
+--- old/auth.h	2015-03-16 22:49:20.000000000 -0700
++++ new/auth.h	2015-04-28 06:18:25.719914272 -0700
[email protected]@ -81,6 +81,9 @@ struct Authctxt {
+ 
+ 	struct sshkey	**prev_userkeys;
+ 	u_int		 nprev_userkeys;
 +#ifdef PAM_ENHANCEMENT
 +        char            *authmethod_name;
 +#endif 
  };
  /*
   * Every authentication method has to handle authentication requests for
---- orig/auth2.c	Mon Jan 26 18:02:10 2015
-+++ new/auth2.c	Tue Mar 31 15:19:10 2015
[email protected]@ -249,10 +249,21 @@
+diff -pur old/auth2.c new/auth2.c
+--- old/auth2.c	2015-03-16 22:49:20.000000000 -0700
++++ new/auth2.c	2015-04-28 06:15:57.419262466 -0700
[email protected]@ -243,10 +243,21 @@ input_userauth_request(int type, u_int32
  			PRIVSEP(audit_event(SSH_INVALID_USER));
  #endif
  		}
@@ -192,7 +195,7 @@
  		setproctitle("%s%s", authctxt->valid ? user : "unknown",
  		    use_privsep ? " [net]" : "");
  		authctxt->service = xstrdup(service);
[email protected]@ -286,6 +297,18 @@
[email protected]@ -277,6 +288,18 @@ input_userauth_request(int type, u_int32
  	/* try to authenticate user */
  	m = authmethod_lookup(authctxt, method);
  	if (m != NULL && authctxt->failures < options.max_authtries) {
@@ -211,7 +214,7 @@
  		debug2("input_userauth_request: try method %s", method);
  		authenticated =	m->userauth(authctxt);
  	}
[email protected]@ -303,6 +326,10 @@
[email protected]@ -295,6 +318,10 @@ userauth_finish(Authctxt *authctxt, int
  	char *methods;
  	int partial = 0;
  
@@ -222,7 +225,7 @@
  	if (!authctxt->valid && authenticated)
  		fatal("INTERNAL ERROR: authenticated invalid user %s",
  		    authctxt->user);
[email protected]@ -319,6 +346,25 @@
[email protected]@ -311,6 +338,25 @@ userauth_finish(Authctxt *authctxt, int
  	}
  
  	if (authenticated && options.num_auth_methods != 0) {
@@ -248,7 +251,7 @@
  		if (!auth2_update_methods_lists(authctxt, method, submethod)) {
  			authenticated = 0;
  			partial = 1;
[email protected]@ -332,7 +378,20 @@
[email protected]@ -324,7 +370,20 @@ userauth_finish(Authctxt *authctxt, int
  		return;
  
  #ifdef USE_PAM
@@ -269,42 +272,16 @@
  		if (!PRIVSEP(do_pam_account())) {
  			/* if PAM returned a message, send it to the user */
  			if (buffer_len(&loginmsg) > 0) {
[email protected]@ -623,5 +682,3 @@
[email protected]@ -615,5 +674,3 @@ auth2_update_methods_lists(Authctxt *aut
  		fatal("%s: method not in AuthenticationMethods", __func__);
  	return 0;
  }
 -
 -
---- orig/monitor_wrap.c	Mon Jan 26 18:02:09 2015
-+++ new/monitor_wrap.c	Mon Jan 26 18:02:11 2015
[email protected]@ -338,6 +338,24 @@
- 	buffer_free(&m);
- }
- 
-+#ifdef PAM_ENHANCEMENT
-+/* Inform the privileged process about the authentication method */
-+void
-+mm_inform_authmethod(char *authmethod)
-+{
-+	Buffer m;
-+
-+	debug3("%s entering", __func__);
-+
-+	buffer_init(&m);
-+	buffer_put_cstring(&m, authmethod);
-+
-+	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHMETHOD, &m);
-+
-+	buffer_free(&m);
-+}
-+#endif
-+
- /* Do the password authentication */
- int
- mm_auth_password(Authctxt *authctxt, char *password)
---- orig/monitor.c	Mon Jan 26 18:02:10 2015
-+++ new/monitor.c	Tue Mar 31 16:10:50 2015
[email protected]@ -146,6 +146,9 @@
+diff -pur old/monitor.c new/monitor.c
+--- old/monitor.c	2015-03-16 22:49:20.000000000 -0700
++++ new/monitor.c	2015-04-28 06:15:57.421294814 -0700
[email protected]@ -127,6 +127,9 @@ int mm_answer_sign(int, Buffer *);
  int mm_answer_pwnamallow(int, Buffer *);
  int mm_answer_auth2_read_banner(int, Buffer *);
  int mm_answer_authserv(int, Buffer *);
@@ -314,7 +291,7 @@
  int mm_answer_authpassword(int, Buffer *);
  int mm_answer_bsdauthquery(int, Buffer *);
  int mm_answer_bsdauthrespond(int, Buffer *);
[email protected]@ -225,10 +228,17 @@
[email protected]@ -206,10 +209,17 @@ struct mon_table mon_dispatch_proto20[]
      {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
      {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
      {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -332,7 +309,7 @@
      {MONITOR_REQ_PAM_ACCOUNT, 0, mm_answer_pam_account},
      {MONITOR_REQ_PAM_INIT_CTX, MON_ISAUTH, mm_answer_pam_init_ctx},
      {MONITOR_REQ_PAM_QUERY, MON_ISAUTH, mm_answer_pam_query},
[email protected]@ -391,6 +401,24 @@
[email protected]@ -371,6 +381,24 @@ monitor_child_preauth(Authctxt *_authctx
  			if (!compat20)
  				fatal("AuthenticationMethods is not supported"
  				    "with SSH protocol 1");
@@ -357,7 +334,7 @@
  			if (authenticated &&
  			    !auth2_update_methods_lists(authctxt,
  			    auth_method, auth_submethod)) {
[email protected]@ -409,8 +437,21 @@
[email protected]@ -389,8 +417,21 @@ monitor_child_preauth(Authctxt *_authctx
  			    !auth_root_allowed(auth_method))
  				authenticated = 0;
  #ifdef USE_PAM
@@ -379,7 +356,7 @@
  				Buffer m;
  
  				buffer_init(&m);
[email protected]@ -828,6 +869,10 @@
[email protected]@ -863,6 +904,10 @@ mm_answer_pwnamallow(int sock, Buffer *m
  		/* Allow service/style information on the auth context */
  		monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
  		monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
@@ -390,12 +367,12 @@
  	}
  #ifdef USE_PAM
  	if (options.use_pam)
[email protected]@ -868,7 +913,25 @@
[email protected]@ -903,6 +948,24 @@ mm_answer_authserv(int sock, Buffer *m)
  	return (0);
  }
  
 +#ifdef PAM_ENHANCEMENT
- int
++int
 +mm_answer_authmethod(int sock, Buffer *m)
 +{
 +	monitor_permit_authentications(1);
@@ -412,13 +389,13 @@
 +}
 +#endif
 +
-+int
+ int
  mm_answer_authpassword(int sock, Buffer *m)
  {
- 	static int call_count;
---- orig/monitor.h	Mon Jan 26 18:02:10 2015
-+++ new/monitor.h	Mon Jan 26 18:02:11 2015
[email protected]@ -70,6 +70,9 @@
+diff -pur old/monitor.h new/monitor.h
+--- old/monitor.h	2015-03-16 22:49:20.000000000 -0700
++++ new/monitor.h	2015-04-28 06:15:57.421684373 -0700
[email protected]@ -65,6 +65,9 @@ enum monitor_reqtype {
  	MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111,
  	MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113,
  
@@ -428,12 +405,41 @@
  };
  
  struct mm_master;
---- orig/servconf.c	Mon Jan 26 18:02:09 2015
-+++ new/servconf.c	Tue Mar 31 16:24:59 2015
[email protected]@ -154,6 +154,18 @@
- 	options->ip_qos_interactive = -1;
+diff -pur old/monitor_wrap.c new/monitor_wrap.c
+--- old/monitor_wrap.c	2015-03-16 22:49:20.000000000 -0700
++++ new/monitor_wrap.c	2015-04-28 06:15:57.419906674 -0700
[email protected]@ -347,6 +347,24 @@ mm_inform_authserv(char *service, char *
+ 	buffer_free(&m);
+ }
+ 
++#ifdef PAM_ENHANCEMENT
++/* Inform the privileged process about the authentication method */
++void
++mm_inform_authmethod(char *authmethod)
++{
++	Buffer m;
++
++	debug3("%s entering", __func__);
++
++	buffer_init(&m);
++	buffer_put_cstring(&m, authmethod);
++
++	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHMETHOD, &m);
++
++	buffer_free(&m);
++}
++#endif
++
+ /* Do the password authentication */
+ int
+ mm_auth_password(Authctxt *authctxt, char *password)
+diff -pur old/servconf.c new/servconf.c
+--- old/servconf.c	2015-04-28 06:15:57.300968063 -0700
++++ new/servconf.c	2015-04-28 06:27:06.330272555 -0700
[email protected]@ -163,6 +163,18 @@ initialize_server_options(ServerOptions
  	options->ip_qos_bulk = -1;
  	options->version_addendum = NULL;
+ 	options->fingerprint_hash = -1;
 +#ifdef PAM_ENHANCEMENT
 +	options->pam_service_name = NULL;
 +	options->pam_service_prefix = NULL;
@@ -444,48 +450,48 @@
 +	 * is not compat20, then there will be only one PAM service for the
 +	 * entire user authentication.
 +	 */
-+        options->pam_service_per_authmethod = 1;
++	options->pam_service_per_authmethod = 1;
 +#endif
  }
  
- void
[email protected]@ -303,6 +315,12 @@
+ /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
[email protected]@ -332,6 +344,12 @@ fill_default_server_options(ServerOption
  		options->ip_qos_bulk = IPTOS_THROUGHPUT;
  	if (options->version_addendum == NULL)
  		options->version_addendum = xstrdup("");
 +
 +#ifdef PAM_ENHANCEMENT
-+        if (options->pam_service_prefix == NULL)
-+                options->pam_service_prefix = _SSH_PAM_SERVICE_PREFIX;
++	if (options->pam_service_prefix == NULL)
++		options->pam_service_prefix = _SSH_PAM_SERVICE_PREFIX;
 +#endif
 +
- 	/* Turn privilege separation on by default */
- 	if (use_privsep == -1)
- 		use_privsep = PRIVSEP_NOSANDBOX;
[email protected]@ -351,6 +369,9 @@
- 	sKexAlgorithms, sIPQoS, sVersionAddendum,
- 	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
- 	sAuthenticationMethods, sHostKeyAgent,
+ 	if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
+ 		options->fwd_opts.streamlocal_bind_mask = 0177;
+ 	if (options->fwd_opts.streamlocal_bind_unlink == -1)
[email protected]@ -400,6 +418,9 @@ typedef enum {
+ 	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
+ 	sUsePrivilegeSeparation, sAllowAgentForwarding,
+ 	sHostCertificate,
 +#ifdef PAM_ENHANCEMENT
 +	sPAMServicePrefix, sPAMServiceName,
 +#endif
- 	sDeprecated, sUnsupported
- } ServerOpCodes;
- 
[email protected]@ -482,6 +503,10 @@
- 	{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
- 	{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
- 	{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
+ 	sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+ 	sKexAlgorithms, sIPQoS, sVersionAddendum,
+ 	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
[email protected]@ -534,6 +555,10 @@ static struct {
+ 	{ "forcecommand", sForceCommand, SSHCFG_ALL },
+ 	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
+ 	{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
 +#ifdef PAM_ENHANCEMENT
-+        { "pamserviceprefix", sPAMServicePrefix, SSHCFG_GLOBAL },
-+        { "pamservicename", sPAMServiceName, SSHCFG_GLOBAL },
++	{ "pamserviceprefix", sPAMServicePrefix, SSHCFG_GLOBAL },
++	{ "pamservicename", sPAMServiceName, SSHCFG_GLOBAL },
 +#endif
- 	{ NULL, sBadOption, 0 }
- };
- 
[email protected]@ -1632,6 +1657,37 @@
- 		}
- 		return 0;
+ 	{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
+ 	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
+ 	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
[email protected]@ -1765,6 +1790,37 @@ process_server_config_line(ServerOptions
+ 			options->fingerprint_hash = value;
+ 		break;
  
 +	case sPAMServicePrefix:
 +		arg = strdelim(&cp);
@@ -521,8 +527,9 @@
  	case sDeprecated:
  		logit("%s line %d: Deprecated option %s",
  		    filename, linenum, arg);
---- orig/servconf.h	Mon Jan 26 18:02:10 2015
-+++ new/servconf.h	Tue Mar 31 15:07:14 2015
+diff -pur old/servconf.h new/servconf.h
+--- old/servconf.h	2015-03-16 22:49:20.000000000 -0700
++++ new/servconf.h	2015-04-28 06:28:25.181429777 -0700
 @@ -54,6 +54,10 @@
  /* Magic name for internal sftp-server */
  #define INTERNAL_SFTP_NAME	"internal-sftp"
@@ -534,57 +541,23 @@
  typedef struct {
  	u_int	num_ports;
  	u_int	ports_from_cmdline;
[email protected]@ -185,6 +189,13 @@
- 
[email protected]@ -188,6 +192,12 @@ typedef struct {
  	u_int	num_auth_methods;
  	char   *auth_methods[MAX_AUTH_METHODS];
-+
+ 
 +#ifdef PAM_ENHANCEMENT
 +	char   *pam_service_prefix;
 +	char   *pam_service_name;
 +	int	pam_service_per_authmethod;
 +#endif
 +        
+ 	int	fingerprint_hash;
  }       ServerOptions;
  
- /* Information about the incoming connection as used by Match */
---- orig/sshd_config.5	Mon Jan 26 18:02:10 2015
-+++ new/sshd_config.5	Mon Jan 26 18:03:45 2015
[email protected]@ -868,6 +868,21 @@
- are refused if the number of unauthenticated connections reaches
- .Dq full
- (60).
-+.It Cm PAMServiceName
-+Specifies the PAM service name for the PAM session. The PAMServiceName and 
-+PAMServicePrefix options are mutually exclusive and if both set, sshd does not
-+start. If this option is set the service name is the same for all user 
-+authentication methods. The option has no default value. See PAMServicePrefix 
-+for more information.
-+.It Cm PAMServicePrefix
-+Specifies the PAM service name prefix for service names used for individual 
-+user authentication methods. The default is sshd. The PAMServiceName and 
-+PAMServicePrefix options are mutually exclusive and if both set, sshd does not 
-+start.
-+.Pp
-+For example, if this option is set to admincli, the service name for the 
-+keyboard-interactive authentication method is admincli-kbdint instead of the 
-+default sshd-kbdint.
- .It Cm PasswordAuthentication
- Specifies whether password authentication is allowed.
- The default is
[email protected]@ -1203,8 +1218,7 @@
- is enabled, you will not be able to run
- .Xr sshd 8
- as a non-root user.
--The default is
--.Dq no .
-+On Solaris, the option is always enabled.
- .It Cm UsePrivilegeSeparation
- Specifies whether
- .Xr sshd 8
---- orig/sshd.8	Mon Jan 26 18:02:09 2015
-+++ new/sshd.8	Mon Jan 26 18:02:11 2015
[email protected]@ -951,6 +951,33 @@
+diff -pur old/sshd.8 new/sshd.8
+--- old/sshd.8	2015-04-28 06:15:57.254681499 -0700
++++ new/sshd.8	2015-04-28 06:15:57.426325504 -0700
[email protected]@ -945,6 +945,33 @@ concurrently for different ports, this c
  started last).
  The content of this file is not sensitive; it can be world-readable.
  .El
@@ -618,9 +591,10 @@
  .Sh SEE ALSO
  .Xr scp 1 ,
  .Xr sftp 1 ,
---- orig/sshd.c	Tue Mar 31 18:12:33 2015
-+++ new/sshd.c	Tue Mar 31 18:42:28 2015
[email protected]@ -2065,6 +2065,11 @@
+diff -pur old/sshd.c new/sshd.c
+--- old/sshd.c	2015-04-28 06:15:57.302106750 -0700
++++ new/sshd.c	2015-04-28 06:15:57.427449259 -0700
[email protected]@ -2146,6 +2146,11 @@ main(int ac, char **av)
  
  	sshd_exchange_identification(sock_in, sock_out);
  
@@ -632,3 +606,38 @@
  	/* In inetd mode, generate ephemeral key only for proto 1 connections */
  	if (!compat20 && inetd_flag && sensitive_data.server_key == NULL)
  		generate_ephemeral_server_key();
+diff -pur old/sshd_config.5 new/sshd_config.5
+--- old/sshd_config.5	2015-04-28 06:15:57.256560985 -0700
++++ new/sshd_config.5	2015-04-28 06:15:57.425661853 -0700
[email protected]@ -1044,6 +1044,21 @@ The probability increases linearly and a
+ are refused if the number of unauthenticated connections reaches
+ .Dq full
+ (60).
++.It Cm PAMServiceName
++Specifies the PAM service name for the PAM session. The PAMServiceName and 
++PAMServicePrefix options are mutually exclusive and if both set, sshd does not
++start. If this option is set the service name is the same for all user 
++authentication methods. The option has no default value. See PAMServicePrefix 
++for more information.
++.It Cm PAMServicePrefix
++Specifies the PAM service name prefix for service names used for individual 
++user authentication methods. The default is sshd. The PAMServiceName and 
++PAMServicePrefix options are mutually exclusive and if both set, sshd does not 
++start.
++.Pp
++For example, if this option is set to admincli, the service name for the 
++keyboard-interactive authentication method is admincli-kbdint instead of the 
++default sshd-kbdint.
+ .It Cm PasswordAuthentication
+ Specifies whether password authentication is allowed.
+ The default is
[email protected]@ -1427,8 +1442,7 @@ If
+ is enabled, you will not be able to run
+ .Xr sshd 1M
+ as a non-root user.
+-The default is
+-.Dq no .
++On Solaris, the option is always enabled.
+ .It Cm UsePrivilegeSeparation
+ Specifies whether
+ .Xr sshd 1M
--- a/components/openssh/patches/020-deprecate_sunssh_sshd_config_opts.patch	Wed Jun 17 14:55:22 2015 -0700
+++ b/components/openssh/patches/020-deprecate_sunssh_sshd_config_opts.patch	Thu Jun 18 07:01:42 2015 -0700
@@ -13,10 +13,10 @@
 # This is a Solaris specific change to ease the transition and will not be
 # offered upstream.
 #
-diff -ur old/servconf.c new/servconf.c
---- old/servconf.c	2014-10-29 07:27:34.549410967 -0700
-+++ new/servconf.c	2014-10-29 07:27:58.775996557 -0700
[email protected]@ -516,6 +516,28 @@
+diff -pur old/servconf.c new/servconf.c
+--- old/servconf.c	2015-03-28 22:31:16.652020119 +0100
++++ new/servconf.c	2015-03-28 22:34:36.569887785 +0100
[email protected]@ -557,6 +557,28 @@ static struct {
          { "pamserviceprefix", sPAMServicePrefix, SSHCFG_GLOBAL },
          { "pamservicename", sPAMServiceName, SSHCFG_GLOBAL },
  #endif
@@ -42,6 +42,6 @@
 +	{ "useunsupportedsshv1", sDeprecated, SSHCFG_GLOBAL },
 +	{ "usefips140", sDeprecated, SSHCFG_ALL},
 +#endif
- 	{ NULL, sBadOption, 0 }
- };
- 
+ 	{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
+ 	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
+ 	{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
--- a/components/openssh/patches/021-CVE-2014-2653.patch	Wed Jun 17 14:55:22 2015 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,63 +0,0 @@
-#
-# This is to fix the CVE-2014-2653 security bug.  The bug fix code came from
-# OpenSSH. When we upgrade OpenSSH to version 6.7 or later, we will remove
-# this patch file.
-#
---- orig/sshconnect.c	Mon Jun 16 10:31:17 2014
-+++ new/sshconnect.c	Mon Jun 16 10:44:16 2014
[email protected]@ -1216,29 +1216,39 @@
- {
- 	int flags = 0;
- 	char *fp;
-+        Key *plain = NULL;
- 
- 	fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX);
- 	debug("Server host key: %s %s", key_type(host_key), fp);
- 	free(fp);
- 
--	/* XXX certs are not yet supported for DNS */
--	if (!key_is_cert(host_key) && options.verify_host_key_dns &&
--	    verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) {
--		if (flags & DNS_VERIFY_FOUND) {
--
--			if (options.verify_host_key_dns == 1 &&
--			    flags & DNS_VERIFY_MATCH &&
--			    flags & DNS_VERIFY_SECURE)
--				return 0;
--
--			if (flags & DNS_VERIFY_MATCH) {
--				matching_host_key_dns = 1;
--			} else {
--				warn_changed_key(host_key);
--				error("Update the SSHFP RR in DNS with the new "
--				    "host key to get rid of this message.");
-+	if (options.verify_host_key_dns) {
-+		/*
-+		 * XXX certs are not yet supported for DNS, so downgrade
-+		 * them and try the plain key.
-+		 */
-+		plain = key_from_private(host_key);
-+		if (key_is_cert(plain))
-+			key_drop_cert(plain);
-+		if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) {
-+			if (flags & DNS_VERIFY_FOUND) {
-+				if (options.verify_host_key_dns == 1 &&
-+				    flags & DNS_VERIFY_MATCH &&
-+				    flags & DNS_VERIFY_SECURE) {
-+					key_free(plain);
-+					return 0;
-+				}
-+				if (flags & DNS_VERIFY_MATCH) {
-+					matching_host_key_dns = 1;
-+				} else {
-+					warn_changed_key(plain);
-+					error("Update the SSHFP RR in DNS "
-+					    "with the new host key to get rid "
-+					    "of this message.");
-+				}
- 			}
- 		}
-+		key_free(plain);
- 	}
- 
- 	return check_host_key(host, hostaddr, options.port, host_key, RDRW,
--- a/components/openssh/patches/022-solaris_audit.patch	Wed Jun 17 14:55:22 2015 -0700
+++ b/components/openssh/patches/022-solaris_audit.patch	Thu Jun 18 07:01:42 2015 -0700
@@ -20,74 +20,10 @@
 # An additional patch relying on the --with-audit=solaris configuration
 #  should/will be created for sftp Solaris Audit and password change.
 #
---- orig/config.h.in	2014-11-05 13:11:59.968745838 -0800
-+++ new/config.h.in	2014-10-13 14:00:31.117475979 -0700
[email protected]@ -1628,6 +1628,9 @@
- /* Use Linux audit module */
- #undef USE_LINUX_AUDIT
- 
-+/* Use Solaris audit module */
-+#undef USE_SOLARIS_AUDIT
-+
- /* Enable OpenSSL engine support */
- #undef USE_OPENSSL_ENGINE
- 
---- orig/configure	2014-11-05 13:11:59.971959419 -0800
-+++ new/configure	2014-12-04 08:43:59.945675841 -0800
[email protected]@ -1420,7 +1420,7 @@
-   --with-tcp-wrappers[=PATH] Enable tcpwrappers support (optionally in PATH)
-   --with-ldns[=PATH]      Use ldns for DNSSEC support (optionally in PATH)
-   --with-libedit[=PATH]   Enable libedit support for sftp
--  --with-audit=module     Enable audit support (modules=debug,bsm,linux)
-+  --with-audit=module     Enable audit support (modules=debug,bsm,linux,solaris)
-   --with-pie           Build Position Independent Executables if possible
-   --with-ssl-dir=PATH     Specify path to OpenSSL installation
-   --without-openssl-header-check Disable OpenSSL version consistency check
[email protected]@ -10185,6 +10185,27 @@
- $as_echo "#define USE_LINUX_AUDIT 1" >>confdefs.h
- 
- 		;;
-+	  solaris)
-+		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: solaris" >&5
-+$as_echo "solaris" >&6; }
-+		AUDIT_MODULE=solaris
-+				for ac_header in bsm/adt.h
-+do :
-+  ac_fn_c_check_header_compile "$LINENO" "bsm/adt.h" "ac_cv_header_bsm_adt_h" ""
-+if test "x$ac_cv_header_bsm_adt_h" = xyes; then :
-+  cat >>confdefs.h <<_ACEOF
-+#define HAVE_ADT_H 1
-+_ACEOF
-+
-+else
-+  as_fn_error $? "Solaris Audit enabled and bsm/adt.h not found" "$LINENO" 5
-+fi
-+
-+done
-+
-+		SSHDLIBS="$SSHDLIBS -lbsm"
-+$as_echo "#define USE_SOLARIS_AUDIT 1" >>confdefs.h
-+	  	;;
- 	  debug)
- 		AUDIT_MODULE=debug
- 		{ $as_echo "$as_me:${as_lineno-$LINENO}: result: debug" >&5
---- orig/defines.h	2014-01-17 05:12:38.000000000 -0800
-+++ new/defines.h	2014-09-12 10:09:27.000000000 -0700
[email protected]@ -622,6 +622,11 @@
- # define CUSTOM_SSH_AUDIT_EVENTS
- #endif
- 
-+#ifdef USE_SOLARIS_AUDIT
-+# define SSH_AUDIT_EVENTS
-+# define CUSTOM_SSH_AUDIT_EVENTS
-+#endif
-+
- #if !defined(HAVE___func__) && defined(HAVE___FUNCTION__)
- #  define __func__ __FUNCTION__
- #elif !defined(HAVE___func__)
---- orig/INSTALL	2013-03-06 17:33:35.000000000 -0800
-+++ new/INSTALL	2014-12-04 08:41:24.369920230 -0800
[email protected]@ -97,9 +97,13 @@
+diff -pur old/INSTALL new/INSTALL
+--- old/INSTALL	2015-03-16 22:49:20.000000000 -0700
++++ new/INSTALL	2015-05-21 03:54:29.120932630 -0700
[email protected]@ -92,9 +92,13 @@ http://www.gnu.org/software/autoconf/
  
  Basic Security Module (BSM):
  
@@ -104,7 +40,7 @@
  
  
  2. Building / Installation
[email protected]@ -152,8 +156,9 @@
[email protected]@ -147,8 +151,9 @@ name).
  There are a few other options to the configure script:
  
  --with-audit=[module] enable additional auditing via the specified module.
@@ -116,9 +52,10 @@
  
  --with-pam enables PAM support. If PAM support is compiled in, it must
  also be enabled in sshd_config (refer to the UsePAM directive).
---- orig/Makefile.in	2014-11-12 15:18:05.366726810 -0800
-+++ new/Makefile.in	2014-11-12 15:22:36.825227512 -0800
[email protected]@ -84,7 +84,7 @@
+diff -pur old/Makefile.in new/Makefile.in
+--- old/Makefile.in	2015-05-21 03:54:29.058280375 -0700
++++ new/Makefile.in	2015-05-21 03:54:29.121196577 -0700
[email protected]@ -100,7 +100,7 @@ SSHOBJS= ssh.o readconf.o clientloop.o s
  	roaming_common.o roaming_client.o
  
  SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
@@ -127,9 +64,10 @@
  	sshpty.o sshlogin.o servconf.o serverloop.o \
  	auth.o auth1.o auth2.o auth-options.o session.o \
  	auth-chall.o auth2-chall.o groupaccess.o \
---- orig/README.platform	2009-08-28 16:14:48.000000000 -0700
-+++ new/README.platform	2014-09-12 09:45:50.000000000 -0700
[email protected]@ -68,8 +68,8 @@
+diff -pur old/README.platform new/README.platform
+--- old/README.platform	2015-03-16 22:49:20.000000000 -0700
++++ new/README.platform	2015-05-21 03:54:29.121331205 -0700
[email protected]@ -68,8 +68,8 @@ zlib-devel and pam-devel, on Debian base
  libssl-dev, libz-dev and libpam-dev.
  
  
@@ -140,7 +78,7 @@
  If you enable BSM auditing on Solaris, you need to update audit_event(4)
  for praudit(1m) to give sensible output.  The following line needs to be
  added to /etc/security/audit_event:
[email protected]@ -82,6 +82,9 @@
[email protected]@ -82,6 +82,9 @@ There is no official registry of 3rd par
  number is already in use on your system, you may change it at build time
  by configure'ing --with-cflags=-DAUE_openssh=32801 then rebuilding.
  
@@ -150,10 +88,212 @@
  
  Platforms using PAM
  -------------------
---- orig/sshd.c	2014-11-05 13:11:59.974945893 -0800
-+++ new/sshd.c	2014-11-10 13:33:12.279354856 -0800
[email protected]@ -2139,7 +2139,9 @@
- #endif 
+diff -pur old/config.h.in new/config.h.in
+--- old/config.h.in	2015-05-21 03:54:29.047656051 -0700
++++ new/config.h.in	2015-05-21 03:54:29.121686621 -0700
[email protected]@ -1635,6 +1635,9 @@
+ /* Use Linux audit module */
+ #undef USE_LINUX_AUDIT
+ 
++/* Use Solaris audit module */
++#undef USE_SOLARIS_AUDIT
++
+ /* Enable OpenSSL engine support */
+ #undef USE_OPENSSL_ENGINE
+ 
+diff -pur old/configure new/configure
+--- old/configure	2015-05-21 03:54:29.053171257 -0700
++++ new/configure	2015-05-21 06:53:04.579282150 -0700
[email protected]@ -1336,7 +1336,7 @@ Optional Packages:
+   --with-skey[=PATH]      Enable S/Key support (optionally in PATH)
+   --with-ldns[=PATH]      Use ldns for DNSSEC support (optionally in PATH)
+   --with-libedit[=PATH]   Enable libedit support for sftp
+-  --with-audit=module     Enable audit support (modules=debug,bsm,linux)
++  --with-audit=module     Enable audit support (modules=debug,bsm,linux,solaris)
+   --with-pie              Build Position Independent Executables if possible
+   --with-ssl-dir=PATH     Specify path to OpenSSL installation
+   --without-openssl-header-check Disable OpenSSL version consistency check
[email protected]@ -16106,6 +16106,160 @@ cat >>confdefs.h <<\_ACEOF
+ _ACEOF
+ 
+ 		;;
++	  solaris)
++		{ echo "$as_me:$LINENO: result: solaris" >&5
++echo "${ECHO_T}solaris" >&6; }
++		AUDIT_MODULE=solaris
++
++for ac_header in bsm/adt.h
++do
++as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh`
++if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
++  { echo "$as_me:$LINENO: checking for $ac_header" >&5
++echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
++if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
++  echo $ECHO_N "(cached) $ECHO_C" >&6
++fi
++ac_res=`eval echo '${'$as_ac_Header'}'`
++	       { echo "$as_me:$LINENO: result: $ac_res" >&5
++echo "${ECHO_T}$ac_res" >&6; }
++else
++  # Is the header compilable?
++{ echo "$as_me:$LINENO: checking $ac_header usability" >&5
++echo $ECHO_N "checking $ac_header usability... $ECHO_C" >&6; }
++cat >conftest.$ac_ext <<_ACEOF
++/* confdefs.h.  */
++_ACEOF
++cat confdefs.h >>conftest.$ac_ext
++cat >>conftest.$ac_ext <<_ACEOF
++/* end confdefs.h.  */
++$ac_includes_default
++#include <$ac_header>
++_ACEOF
++rm -f conftest.$ac_objext
++if { (ac_try="$ac_compile"
++case "(($ac_try" in
++  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
++  *) ac_try_echo=$ac_try;;
++esac
++eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
++  (eval "$ac_compile") 2>conftest.er1
++  ac_status=$?
++  grep -v '^ *+' conftest.er1 >conftest.err
++  rm -f conftest.er1
++  cat conftest.err >&5
++  echo "$as_me:$LINENO: \$? = $ac_status" >&5
++  (exit $ac_status); } && {
++	 test -z "$ac_c_werror_flag" ||
++	 test ! -s conftest.err
++       } && test -s conftest.$ac_objext; then
++  ac_header_compiler=yes
++else
++  echo "$as_me: failed program was:" >&5
++sed 's/^/| /' conftest.$ac_ext >&5
++
++	ac_header_compiler=no
++fi
++
++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
++{ echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
++echo "${ECHO_T}$ac_header_compiler" >&6; }
++
++# Is the header present?
++{ echo "$as_me:$LINENO: checking $ac_header presence" >&5
++echo $ECHO_N "checking $ac_header presence... $ECHO_C" >&6; }
++cat >conftest.$ac_ext <<_ACEOF
++/* confdefs.h.  */
++_ACEOF
++cat confdefs.h >>conftest.$ac_ext
++cat >>conftest.$ac_ext <<_ACEOF
++/* end confdefs.h.  */
++#include <$ac_header>
++_ACEOF
++if { (ac_try="$ac_cpp conftest.$ac_ext"
++case "(($ac_try" in
++  *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
++  *) ac_try_echo=$ac_try;;
++esac
++eval "echo \"\$as_me:$LINENO: $ac_try_echo\"") >&5
++  (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
++  ac_status=$?
++  grep -v '^ *+' conftest.er1 >conftest.err
++  rm -f conftest.er1
++  cat conftest.err >&5
++  echo "$as_me:$LINENO: \$? = $ac_status" >&5
++  (exit $ac_status); } >/dev/null && {
++	 test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
++	 test ! -s conftest.err
++       }; then
++  ac_header_preproc=yes
++else
++  echo "$as_me: failed program was:" >&5
++sed 's/^/| /' conftest.$ac_ext >&5
++
++  ac_header_preproc=no
++fi
++
++rm -f conftest.err conftest.$ac_ext
++{ echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
++echo "${ECHO_T}$ac_header_preproc" >&6; }
++
++# So?  What about this header?
++case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
++  yes:no: )
++    { echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
++echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
++    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
++echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
++    ac_header_preproc=yes
++    ;;
++  no:yes:* )
++    { echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
++echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
++    { echo "$as_me:$LINENO: WARNING: $ac_header:     check for missing prerequisite headers?" >&5
++echo "$as_me: WARNING: $ac_header:     check for missing prerequisite headers?" >&2;}
++    { echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
++echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
++    { echo "$as_me:$LINENO: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&5
++echo "$as_me: WARNING: $ac_header:     section \"Present But Cannot Be Compiled\"" >&2;}
++    { echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
++echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
++    { echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
++echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
++    ( cat <<\_ASBOX
++## ------------------------------------------- ##
++## Report this to [email protected] ##
++## ------------------------------------------- ##
++_ASBOX
++     ) | sed "s/^/$as_me: WARNING:     /" >&2
++    ;;
++esac
++{ echo "$as_me:$LINENO: checking for $ac_header" >&5
++echo $ECHO_N "checking for $ac_header... $ECHO_C" >&6; }
++if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
++  echo $ECHO_N "(cached) $ECHO_C" >&6
++else
++  eval "$as_ac_Header=\$ac_header_preproc"
++fi
++ac_res=`eval echo '${'$as_ac_Header'}'`
++	       { echo "$as_me:$LINENO: result: $ac_res" >&5
++echo "${ECHO_T}$ac_res" >&6; }
++
++fi
++if test `eval echo '${'$as_ac_Header'}'` = yes; then
++  cat >>confdefs.h <<_ACEOF
++#define `echo "HAVE_$ac_header" | $as_tr_cpp` 1
++_ACEOF
++
++fi
++
++done
++
++		SSHDLIBS="$SSHDLIBS -lbsm"
++cat >>confdefs.h <<\_ACEOF
++#define USE_SOLARIS_AUDIT 1
++_ACEOF
++	  	;;
+ 	  debug)
+ 		AUDIT_MODULE=debug
+ 		{ echo "$as_me:$LINENO: result: debug" >&5
+diff -pur old/defines.h new/defines.h
+--- old/defines.h	2015-03-16 22:49:20.000000000 -0700
++++ new/defines.h	2015-05-21 03:54:29.127386034 -0700
[email protected]@ -635,6 +635,11 @@ struct winsize {
+ # define CUSTOM_SSH_AUDIT_EVENTS
+ #endif
+ 
++#ifdef USE_SOLARIS_AUDIT
++# define SSH_AUDIT_EVENTS
++# define CUSTOM_SSH_AUDIT_EVENTS
++#endif
++
+ #if !defined(HAVE___func__) && defined(HAVE___FUNCTION__)
+ #  define __func__ __FUNCTION__
+ #elif !defined(HAVE___func__)
+diff -pur old/sshd.c new/sshd.c
+--- old/sshd.c	2015-05-21 03:54:29.070139157 -0700
++++ new/sshd.c	2015-05-21 03:54:29.127803176 -0700
[email protected]@ -2215,7 +2215,9 @@ main(int ac, char **av)
+ 	}
  
  #ifdef SSH_AUDIT_EVENTS
 +#ifndef	USE_SOLARIS_AUDIT
@@ -162,7 +302,7 @@
  #endif
  
  #ifdef GSSAPI
[email protected]@ -2169,6 +2171,10 @@
[email protected]@ -2245,6 +2247,10 @@ main(int ac, char **av)
  		do_pam_session();
  	}
  #endif
--- a/components/openssh/patches/023-gsskex.patch	Wed Jun 17 14:55:22 2015 -0700
+++ b/components/openssh/patches/023-gsskex.patch	Thu Jun 18 07:01:42 2015 -0700
@@ -9,32 +9,30 @@
 # Upstream rejected GSS-API key exchange several times before.
 #
 diff -pur old/Makefile.in new/Makefile.in
---- old/Makefile.in	2014-11-19 08:19:53.525006324 -0800
-+++ new/Makefile.in	2014-11-19 08:28:29.235999361 -0800
[email protected]@ -72,6 +72,7 @@ LIBSSH_OBJS=authfd.o authfile.o bufaux.o
- 	atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
+--- old/Makefile.in	2015-05-21 02:51:54.413234716 -0700
++++ new/Makefile.in	2015-05-21 02:51:54.513293268 -0700
[email protected]@ -87,6 +87,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
  	monitor_fdpass.o rijndael.o ssh-dss.o ssh-ecdsa.o ssh-rsa.o dh.o \
- 	kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \
+ 	msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
+ 	sftp_provider.o \
 +	kexgssc.o \
- 	msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
- 	jpake.o schnorr.o ssh-pkcs11.o krl.o smult_curve25519_ref.o \
- 	kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \
[email protected]@ -92,7 +93,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
- 	auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o \
- 	monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \
- 	kexc25519s.o auth-krb5.o \
+ 	ssh-pkcs11.o smult_curve25519_ref.o \
+ 	poly1305.o chacha.o cipher-chachapoly.o \
+ 	ssh-ed25519.o digest-openssl.o digest-libc.o hmac.o \
[email protected]@ -107,7 +108,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
+ 	auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
+ 	auth2-none.o auth2-passwd.o auth2-pubkey.o \
+ 	monitor_mm.o monitor.o monitor_wrap.o auth-krb5.o \
 -	auth2-gss.o gss-serv.o gss-serv-krb5.o \
 +	auth2-gss.o gss-serv.o gss-serv-krb5.o kexgsss.o \
  	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
  	sftp-server.o sftp-common.o \
  	roaming_common.o roaming_serv.o \
-Only in new/: Makefile.in.orig
-Only in new/: Makefile.in.rej
 diff -pur old/auth2-gss.c new/auth2-gss.c
---- old/auth2-gss.c	2014-11-19 08:19:53.432431374 -0800
-+++ new/auth2-gss.c	2014-11-20 07:46:37.640415003 -0800
+--- old/auth2-gss.c	2015-03-16 22:49:20.000000000 -0700
++++ new/auth2-gss.c	2015-05-21 02:51:54.513863282 -0700
 @@ -1,7 +1,7 @@
- /* $OpenBSD: auth2-gss.c,v 1.20 2013/05/17 00:13:13 djm Exp $ */
+ /* $OpenBSD: auth2-gss.c,v 1.22 2015/01/19 20:07:45 markus Exp $ */
  
  /*
 - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -42,9 +40,9 @@
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
[email protected]@ -56,6 +56,39 @@ static void input_gssapi_mic(int type, u
- static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
- static void input_gssapi_errtok(int, u_int32_t, void *);
[email protected]@ -53,6 +53,39 @@ static int input_gssapi_mic(int type, u_
+ static int input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
+ static int input_gssapi_errtok(int, u_int32_t, void *);
  
 +/* 
 + * The 'gssapi_keyex' userauth mechanism.
@@ -82,8 +80,8 @@
  /*
   * We only support those mechanisms that we know about (ie ones that we know
   * how to check local user kuserok and the like)
[email protected]@ -300,6 +333,12 @@ input_gssapi_mic(int type, u_int32_t ple
- 	userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL);
[email protected]@ -290,6 +323,12 @@ input_gssapi_mic(int type, u_int32_t ple
+ 	return 0;
  }
  
 +Authmethod method_gsskeyex = {
@@ -95,32 +93,46 @@
  Authmethod method_gssapi = {
  	"gssapi-with-mic",
  	userauth_gssapi,
-Only in new/: auth2-gss.c.orig
-Only in new/: auth2-gss.c~
 diff -pur old/auth2.c new/auth2.c
---- old/auth2.c	2014-11-19 08:19:53.555080638 -0800
-+++ new/auth2.c	2014-11-19 08:19:53.614409503 -0800
[email protected]@ -69,6 +69,7 @@ extern Authmethod method_passwd;
+--- old/auth2.c	2015-05-21 02:51:54.362963450 -0700
++++ new/auth2.c	2015-05-21 02:51:54.514409021 -0700
[email protected]@ -70,6 +70,7 @@ extern Authmethod method_passwd;
  extern Authmethod method_kbdint;
  extern Authmethod method_hostbased;
  #ifdef GSSAPI
 +extern Authmethod method_gsskeyex;
  extern Authmethod method_gssapi;
  #endif
- #ifdef JPAKE
[email protected]@ -79,6 +80,7 @@ Authmethod *authmethods[] = {
+ 
[email protected]@ -77,6 +78,7 @@ Authmethod *authmethods[] = {
  	&method_none,
  	&method_pubkey,
  #ifdef GSSAPI
 +	&method_gsskeyex,
  	&method_gssapi,
  #endif
- #ifdef JPAKE
+ 	&method_passwd,
+diff -pur old/configure new/configure
+--- old/configure	2015-05-21 02:51:54.418977239 -0700
++++ new/configure	2015-05-21 04:08:21.689628474 -0700
[email protected]@ -10869,8 +10869,10 @@ fi
+ 
+ fi
+ 
+-        $as_echo "#define USE_GSS_STORE_CRED 1" >>confdefs.h
+-        $as_echo "#define GSSAPI_STORECREDS_NEEDS_RUID 1" >>confdefs.h
++cat >>confdefs.h <<\_ACEOF
++#define	USE_GSS_STORE_CRED 1
++#define	GSSAPI_STORECREDS_NEEDS_RUID 1
++_ACEOF
+ 
+ 	TEST_SHELL=$SHELL	# let configure find us a capable shell
+ 	;;
 diff -pur old/gss-genr.c new/gss-genr.c
---- old/gss-genr.c	2013-11-07 17:19:57.000000000 -0800
-+++ new/gss-genr.c	2014-11-20 04:06:38.323380064 -0800
+--- old/gss-genr.c	2015-03-16 22:49:20.000000000 -0700
++++ new/gss-genr.c	2015-05-21 02:51:54.515221154 -0700
 @@ -1,7 +1,7 @@
- /* $OpenBSD: gss-genr.c,v 1.22 2013/11/08 00:39:15 djm Exp $ */
+ /* $OpenBSD: gss-genr.c,v 1.23 2015/01/20 23:14:00 deraadt Exp $ */
  
  /*
 - * Copyright (c) 2001-2007 Simon Wilkinson. All rights reserved.
@@ -128,7 +140,7 @@
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
[email protected]@ -39,12 +39,167 @@
[email protected]@ -40,12 +40,167 @@
  #include "buffer.h"
  #include "log.h"
  #include "ssh2.h"
@@ -296,7 +308,7 @@
  /* Check that the OID in a data stream matches that in the context */
  int
  ssh_gssapi_check_oid(Gssctxt *ctx, void *data, size_t len)
[email protected]@ -229,6 +384,9 @@ ssh_gssapi_import_name(Gssctxt *ctx, con
[email protected]@ -230,6 +385,9 @@ ssh_gssapi_import_name(Gssctxt *ctx, con
  OM_uint32
  ssh_gssapi_sign(Gssctxt *ctx, gss_buffer_t buffer, gss_buffer_t hash)
  {
@@ -306,7 +318,7 @@
  	if ((ctx->major = gss_get_mic(&ctx->minor, ctx->context,
  	    GSS_C_QOP_DEFAULT, buffer, hash)))
  		ssh_gssapi_error(ctx);
[email protected]@ -236,6 +394,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer
[email protected]@ -237,6 +395,19 @@ ssh_gssapi_sign(Gssctxt *ctx, gss_buffer
  	return (ctx->major);
  }
  
@@ -326,7 +338,7 @@
  void
  ssh_gssapi_buildmic(Buffer *b, const char *user, const char *service,
      const char *context)
[email protected]@ -254,6 +425,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
[email protected]@ -255,6 +426,10 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
  	gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
  	OM_uint32 major, minor;
  	gss_OID_desc spnego_oid = {6, (void *)"\x2B\x06\x01\x05\x05\x02"};
@@ -337,7 +349,7 @@
  
  	/* RFC 4462 says we MUST NOT do SPNEGO */
  	if (oid->length == spnego_oid.length && 
[email protected]@ -272,7 +447,7 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
[email protected]@ -273,7 +448,7 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx
  			    GSS_C_NO_BUFFER);
  	}
  
@@ -346,13 +358,11 @@
  		ssh_gssapi_delete_ctx(ctx);
  
  	return (!GSS_ERROR(major));
-Only in new/: gss-genr.c.orig
-Only in new/: gss-genr.c~
 diff -pur old/gss-serv.c new/gss-serv.c
---- old/gss-serv.c	2014-11-19 08:19:53.495994604 -0800
-+++ new/gss-serv.c	2014-11-19 08:19:53.614894916 -0800
+--- old/gss-serv.c	2015-05-21 02:51:54.328370202 -0700
++++ new/gss-serv.c	2015-05-21 02:51:54.515853684 -0700
 @@ -1,7 +1,7 @@
- /* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */
+ /* $OpenBSD: gss-serv.c,v 1.28 2015/01/20 23:14:00 deraadt Exp $ */
  
  /*
 - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
@@ -360,7 +370,7 @@
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
[email protected]@ -47,6 +47,7 @@
[email protected]@ -46,6 +46,7 @@
  #include "misc.h"
  
  #include "ssh-gss.h"
@@ -368,7 +378,7 @@
  
  static ssh_gssapi_client gssapi_client =
      { GSS_C_EMPTY_BUFFER, GSS_C_EMPTY_BUFFER,
[email protected]@ -114,6 +115,28 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss
[email protected]@ -132,6 +133,28 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss
  }
  
  /* Unprivileged */
@@ -397,7 +407,7 @@
  void
  ssh_gssapi_supported_oids(gss_OID_set *oidset)
  {
[email protected]@ -123,7 +146,9 @@ ssh_gssapi_supported_oids(gss_OID_set *o
[email protected]@ -141,7 +164,9 @@ ssh_gssapi_supported_oids(gss_OID_set *o
  	gss_OID_set supported;
  
  	gss_create_empty_oid_set(&min_status, oidset);
@@ -408,7 +418,7 @@
  
  	while (supported_mechs[i]->name != NULL) {
  		if (GSS_ERROR(gss_test_oid_set_member(&min_status,
[email protected]@ -398,14 +423,4 @@ ssh_gssapi_userok(char *user)
[email protected]@ -417,14 +442,4 @@ ssh_gssapi_userok(char *user)
  	return (0);
  }
  
@@ -423,12 +433,11 @@
 -}
 -
  #endif
-Only in new/: gss-serv.c.orig
 diff -pur old/kex.c new/kex.c
---- old/kex.c	2014-01-25 14:38:04.000000000 -0800
-+++ new/kex.c	2014-11-20 06:10:14.432397588 -0800
[email protected]@ -51,6 +51,10 @@
- #include "roaming.h"
+--- old/kex.c	2015-03-16 22:49:20.000000000 -0700
++++ new/kex.c	2015-05-21 02:51:54.516546804 -0700
[email protected]@ -55,6 +55,10 @@
+ #include "sshbuf.h"
  #include "digest.h"
  
 +#ifdef GSSAPI
@@ -438,10 +447,10 @@
  #if OPENSSL_VERSION_NUMBER >= 0x00907000L
  # if defined(HAVE_EVP_SHA256)
  # define evp_ssh_sha256 EVP_sha256
[email protected]@ -90,6 +94,11 @@ static const struct kexalg kexalgs[] = {
- #ifdef HAVE_EVP_SHA256
[email protected]@ -95,6 +99,11 @@ static const struct kexalg kexalgs[] = {
+ #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
  	{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
- #endif
+ #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
 +#ifdef GSSAPI
 +	{ KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
 +	{ KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
@@ -450,7 +459,7 @@
  	{ NULL, -1, -1, -1},
  };
  
[email protected]@ -117,7 +126,7 @@ kex_alg_by_name(const char *name)
[email protected]@ -126,7 +135,7 @@ kex_alg_by_name(const char *name)
  	const struct kexalg *k;
  
  	for (k = kexalgs; k->name != NULL; k++) {
@@ -459,13 +468,10 @@
  			return k;
  	}
  	return NULL;
-Only in new/: kex.c.orig
-Only in new/: kex.c.rej
-Only in new/: kex.c~
 diff -pur old/kex.h new/kex.h
---- old/kex.h	2014-01-25 14:37:26.000000000 -0800
-+++ new/kex.h	2014-11-20 00:26:26.185459758 -0800
[email protected]@ -76,6 +76,9 @@ enum kex_exchange {
+--- old/kex.h	2015-03-16 22:49:20.000000000 -0700
++++ new/kex.h	2015-05-21 04:13:55.764501761 -0700
[email protected]@ -93,6 +93,9 @@ enum kex_exchange {
  	KEX_DH_GEX_SHA256,
  	KEX_ECDH_SHA2,
  	KEX_C25519_SHA256,
@@ -475,8 +481,8 @@
  	KEX_MAX
  };
  
[email protected]@ -136,6 +139,10 @@ struct Kex {
- 	int	flags;
[email protected]@ -139,6 +142,10 @@ struct kex {
+ 	u_int	flags;
  	int	hash_alg;
  	int	ec_nid;
 +#ifdef GSSAPI
@@ -485,56 +491,22 @@
 +#endif
  	char	*client_version_string;
  	char	*server_version_string;
- 	int	(*verify_host_key)(Key *);
[email protected]@ -168,6 +175,11 @@ void	 kexecdh_server(Kex *);
- void	 kexc25519_client(Kex *);
- void	 kexc25519_server(Kex *);
- 
+ 	int	(*verify_host_key)(struct sshkey *, struct ssh *);
[email protected]@ -183,6 +190,10 @@ int	 kexecdh_client(struct ssh *);
+ int	 kexecdh_server(struct ssh *);
+ int	 kexc25519_client(struct ssh *);
+ int	 kexc25519_server(struct ssh *);
 +#ifdef GSSAPI
-+void	kexgss_client(Kex *);
-+void	kexgss_server(Kex *);
++int	 kexgss_client(struct ssh *);
++int	 kexgss_server(struct ssh *);
 +#endif
-+
- void
- kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
-     BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
-Only in new/: kex.h.orig
-Only in new/: kex.h.rej
-Only in new/: kex.h~
-Only in new/: kexgssc.c
-Only in new/: kexgssc.c~
-Only in new/: kexgsss.c
-Only in new/: kexgsss.c~
-diff -pur old/key.c new/key.c
---- old/key.c	2014-01-09 15:58:53.000000000 -0800
-+++ new/key.c	2014-11-19 11:03:01.227859791 -0800
[email protected]@ -985,6 +985,7 @@ static const struct keytype keytypes[] =
- 	    KEY_DSA_CERT_V00, 0, 1 },
- 	{ "[email protected]", "ED25519-CERT",
- 	    KEY_ED25519_CERT, 0, 1 },
-+	{ "null", "null", KEY_NULL, 0, 0 },
- 	{ NULL, NULL, -1, -1, 0 }
- };
  
-Only in new/: key.c.orig
-Only in new/: key.c.rej
-Only in new/: key.c~
-diff -pur old/key.h new/key.h
---- old/key.h	2014-01-09 15:58:53.000000000 -0800
-+++ new/key.h	2014-11-19 08:19:53.616502306 -0800
[email protected]@ -46,6 +46,7 @@ enum types {
- 	KEY_ED25519_CERT,
- 	KEY_RSA_CERT_V00,
- 	KEY_DSA_CERT_V00,
-+	KEY_NULL,
- 	KEY_UNSPEC
- };
- enum fp_type {
-Only in new/: key.h.orig
+ int	 kex_dh_hash(const char *, const char *,
+     const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
 diff -pur old/monitor.c new/monitor.c
---- old/monitor.c	2014-11-19 08:19:53.555737643 -0800
-+++ new/monitor.c	2014-11-20 04:07:05.882669648 -0800
[email protected]@ -184,6 +184,7 @@ int mm_answer_gss_setup_ctx(int, Buffer
+--- old/monitor.c	2015-05-21 02:51:54.364298135 -0700
++++ new/monitor.c	2015-05-21 02:51:54.518833104 -0700
[email protected]@ -160,6 +160,7 @@ int mm_answer_gss_setup_ctx(int, Buffer
  int mm_answer_gss_accept_ctx(int, Buffer *);
  int mm_answer_gss_userok(int, Buffer *);
  int mm_answer_gss_checkmic(int, Buffer *);
@@ -542,15 +514,13 @@
  #endif
  
  #ifdef SSH_AUDIT_EVENTS
[email protected]@ -263,6 +264,7 @@ struct mon_table mon_dispatch_proto20[]
[email protected]@ -244,11 +245,17 @@ struct mon_table mon_dispatch_proto20[]
      {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx},
      {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok},
      {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic},
 +    {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign},
  #endif
- #ifdef JPAKE
-     {MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata},
[email protected]@ -275,6 +277,11 @@ struct mon_table mon_dispatch_proto20[]
+     {0, 0, NULL}
  };
  
  struct mon_table mon_dispatch_postauth20[] = {
@@ -559,10 +529,10 @@
 +    {MONITOR_REQ_GSSSTEP, 0, mm_answer_gss_accept_ctx},
 +    {MONITOR_REQ_GSSSIGN, 0, mm_answer_gss_sign},
 +#endif
+ #ifdef WITH_OPENSSL
      {MONITOR_REQ_MODULI, 0, mm_answer_moduli},
-     {MONITOR_REQ_SIGN, 0, mm_answer_sign},
-     {MONITOR_REQ_PTY, 0, mm_answer_pty},
[email protected]@ -383,6 +390,10 @@ monitor_child_preauth(Authctxt *_authctx
+ #endif
[email protected]@ -363,6 +370,10 @@ monitor_child_preauth(Authctxt *_authctx
  		/* Permit requests for moduli and signatures */
  		monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
  		monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
@@ -573,7 +543,7 @@
  	} else {
  		mon_dispatch = mon_dispatch_proto15;
  
[email protected]@ -497,6 +508,10 @@ monitor_child_postauth(struct monitor *p
[email protected]@ -502,6 +513,10 @@ monitor_child_postauth(struct monitor *p
  		monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1);
  		monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1);
  		monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
@@ -584,21 +554,21 @@
  	} else {
  		mon_dispatch = mon_dispatch_postauth15;
  		monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
[email protected]@ -1888,6 +1903,13 @@ mm_get_kex(Buffer *m)
- 	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
- 	kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
- 	kex->kex[KEX_C25519_SHA256] = kexc25519_server;
[email protected]@ -1923,6 +1938,13 @@ monitor_apply_keystate(struct monitor *p
+ # endif
+ #endif /* WITH_OPENSSL */
+ 		kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 +#ifdef GSSAPI
-+	if (options.gss_keyex) {
-+		kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
-+		kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
-+		kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
-+	}
++		if (options.gss_keyex) {
++			kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
++			kex->kex[KEX_GSS_GRP14_SHA1] = kexgss_server;
++			kex->kex[KEX_GSS_GEX_SHA1] = kexgss_server;
++		}
 +#endif
- 	kex->server = 1;
- 	kex->hostkey_type = buffer_get_int(m);
- 	kex->kex_type = buffer_get_int(m);
[email protected]@ -2095,6 +2117,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
+ 		kex->load_host_public_key=&get_hostkey_public_by_type;
+ 		kex->load_host_private_key=&get_hostkey_private_by_type;
+ 		kex->host_key_index=&get_hostkey_index;
[email protected]@ -2022,6 +2044,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer
  	OM_uint32 major;
  	u_int len;
  
@@ -608,7 +578,7 @@
  	goid.elements = buffer_get_string(m, &len);
  	goid.length = len;
  
[email protected]@ -2122,6 +2147,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
[email protected]@ -2049,6 +2074,9 @@ mm_answer_gss_accept_ctx(int sock, Buffe
  	OM_uint32 flags = 0; /* GSI needs this */
  	u_int len;
  
@@ -618,7 +588,7 @@
  	in.value = buffer_get_string(m, &len);
  	in.length = len;
  	major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
[email protected]@ -2139,6 +2167,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
[email protected]@ -2066,6 +2094,7 @@ mm_answer_gss_accept_ctx(int sock, Buffe
  		monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
  		monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
  		monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -626,7 +596,7 @@
  	}
  	return (0);
  }
[email protected]@ -2150,6 +2179,9 @@ mm_answer_gss_checkmic(int sock, Buffer
[email protected]@ -2077,6 +2106,9 @@ mm_answer_gss_checkmic(int sock, Buffer
  	OM_uint32 ret;
  	u_int len;
  
@@ -636,7 +606,7 @@
  	gssbuf.value = buffer_get_string(m, &len);
  	gssbuf.length = len;
  	mic.value = buffer_get_string(m, &len);
[email protected]@ -2176,6 +2208,9 @@ mm_answer_gss_userok(int sock, Buffer *m
[email protected]@ -2103,6 +2135,9 @@ mm_answer_gss_userok(int sock, Buffer *m
  {
  	int authenticated;
  
@@ -646,7 +616,7 @@
  	authenticated = authctxt->valid && ssh_gssapi_userok(authctxt->user);
  
  	buffer_clear(m);
[email protected]@ -2189,6 +2224,48 @@ mm_answer_gss_userok(int sock, Buffer *m
[email protected]@ -2116,5 +2151,47 @@ mm_answer_gss_userok(int sock, Buffer *m
  	/* Monitor loop will terminate if authenticated */
  	return (authenticated);
  }
@@ -694,14 +664,10 @@
 +
  #endif /* GSSAPI */
  
- #ifdef JPAKE
-Only in new/: monitor.c.orig
-Only in new/: monitor.c.rej
-Only in new/: monitor.c~
 diff -pur old/monitor.h new/monitor.h
---- old/monitor.h	2014-11-19 08:19:53.555841204 -0800
-+++ new/monitor.h	2014-11-19 09:27:51.185925631 -0800
[email protected]@ -73,6 +73,9 @@ enum monitor_reqtype {
+--- old/monitor.h	2015-05-21 02:51:54.364660946 -0700
++++ new/monitor.h	2015-05-21 02:51:54.519394748 -0700
[email protected]@ -68,6 +68,9 @@ enum monitor_reqtype {
  #ifdef PAM_ENHANCEMENT
          MONITOR_REQ_AUTHMETHOD = 114,
  #endif        
@@ -711,12 +677,10 @@
  };
  
  struct mm_master;
-Only in new/: monitor.h.orig
-Only in new/: monitor.h.rej
 diff -pur old/monitor_wrap.c new/monitor_wrap.c
---- old/monitor_wrap.c	2014-11-19 08:19:53.555313040 -0800
-+++ new/monitor_wrap.c	2014-11-19 08:19:53.617470451 -0800
[email protected]@ -1308,6 +1308,29 @@ mm_ssh_gssapi_userok(char *user)
+--- old/monitor_wrap.c	2015-05-21 02:51:54.365259156 -0700
++++ new/monitor_wrap.c	2015-05-21 02:51:54.519982413 -0700
[email protected]@ -1103,5 +1103,28 @@ mm_ssh_gssapi_userok(char *user)
  	debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not ");
  	return (authenticated);
  }
@@ -745,11 +709,9 @@
 +
  #endif /* GSSAPI */
  
- #ifdef JPAKE
-Only in new/: monitor_wrap.c.orig
 diff -pur old/monitor_wrap.h new/monitor_wrap.h
---- old/monitor_wrap.h	2011-06-19 21:42:23.000000000 -0700
-+++ new/monitor_wrap.h	2014-11-19 08:19:53.617555551 -0800
+--- old/monitor_wrap.h	2015-03-16 22:49:20.000000000 -0700
++++ new/monitor_wrap.h	2015-05-21 02:51:54.520316939 -0700
 @@ -60,6 +60,7 @@ OM_uint32 mm_ssh_gssapi_accept_ctx(Gssct
     gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *);
  int mm_ssh_gssapi_userok(char *user);
@@ -758,11 +720,10 @@
  #endif
  
  #ifdef USE_PAM
-Only in new/: monitor_wrap.h.orig
 diff -pur old/readconf.c new/readconf.c
---- old/readconf.c	2014-11-19 08:19:53.577815170 -0800
-+++ new/readconf.c	2014-11-19 09:42:12.825342175 -0800
[email protected]@ -140,6 +140,7 @@ typedef enum {
+--- old/readconf.c	2015-05-21 02:51:54.384748072 -0700
++++ new/readconf.c	2015-05-21 02:51:54.521602190 -0700
[email protected]@ -147,6 +147,7 @@ typedef enum {
  	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
  	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
  	oAddressFamily, oGssAuthentication, oGssDelegateCreds,
@@ -770,7 +731,7 @@
  	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
  	oSendEnv, oControlPath, oControlMaster, oControlPersist,
  	oHashKnownHosts,
[email protected]@ -187,9 +188,11 @@ static struct {
[email protected]@ -195,9 +196,11 @@ static struct {
  #if defined(GSSAPI)
  	{ "gssapiauthentication", oGssAuthentication },
  	{ "gssapidelegatecredentials", oGssDelegateCreds },
@@ -782,7 +743,7 @@
  #endif
  	{ "fallbacktorsh", oDeprecated },
  	{ "usersh", oDeprecated },
[email protected]@ -876,6 +879,10 @@ parse_time:
[email protected]@ -927,6 +930,10 @@ parse_time:
  		intptr = &options->gss_authentication;
  		goto parse_flag;
  
@@ -793,7 +754,7 @@
  	case oGssDelegateCreds:
  		intptr = &options->gss_deleg_creds;
  		goto parse_flag;
[email protected]@ -1532,6 +1539,7 @@ initialize_options(Options * options)
[email protected]@ -1643,6 +1650,7 @@ initialize_options(Options * options)
  	options->pubkey_authentication = -1;
  	options->challenge_response_authentication = -1;
  	options->gss_authentication = -1;
@@ -801,7 +762,7 @@
  	options->gss_deleg_creds = -1;
  	options->password_authentication = -1;
  	options->kbd_interactive_authentication = -1;
[email protected]@ -1645,6 +1653,12 @@ fill_default_options(Options * options)
[email protected]@ -1781,6 +1789,12 @@ fill_default_options(Options * options)
  #else
  		options->gss_authentication = 0;
  #endif
@@ -814,12 +775,10 @@
  	if (options->gss_deleg_creds == -1)
  		options->gss_deleg_creds = 0;
  	if (options->password_authentication == -1)
-Only in new/: readconf.c.orig
-Only in new/: readconf.c.rej
 diff -pur old/readconf.h new/readconf.h
---- old/readconf.h	2014-11-19 08:19:53.536144272 -0800
-+++ new/readconf.h	2014-11-19 08:19:53.618258278 -0800
[email protected]@ -54,6 +54,7 @@ typedef struct {
+--- old/readconf.h	2015-05-21 02:51:54.348366942 -0700
++++ new/readconf.h	2015-05-21 02:51:54.521966549 -0700
[email protected]@ -45,6 +45,7 @@ typedef struct {
  	int     challenge_response_authentication;
  					/* Try S/Key or TIS, authentication. */
  	int     gss_authentication;	/* Try GSS authentication */
@@ -827,11 +786,10 @@
  	int     gss_deleg_creds;	/* Delegate GSS credentials */
  	int     password_authentication;	/* Try password
  						 * authentication. */
-Only in new/: readconf.h.orig
 diff -pur old/servconf.c new/servconf.c
---- old/servconf.c	2014-11-19 08:19:53.589868411 -0800
-+++ new/servconf.c	2014-11-20 04:15:47.500881329 -0800
[email protected]@ -108,6 +108,7 @@ initialize_server_options(ServerOptions
+--- old/servconf.c	2015-05-21 02:51:54.410086670 -0700
++++ new/servconf.c	2015-05-21 02:51:54.523417320 -0700
[email protected]@ -114,6 +114,7 @@ initialize_server_options(ServerOptions
  	options->kerberos_ticket_cleanup = -1;
  	options->kerberos_get_afs_token = -1;
  	options->gss_authentication=-1;
@@ -839,7 +797,7 @@
  	options->gss_cleanup_creds = -1;
  	options->password_authentication = -1;
  	options->kbd_interactive_authentication = -1;
[email protected]@ -258,6 +259,12 @@ fill_default_server_options(ServerOption
[email protected]@ -294,6 +295,12 @@ fill_default_server_options(ServerOption
  #else
  		options->gss_authentication = 0;
  #endif
@@ -852,15 +810,15 @@
  	if (options->gss_cleanup_creds == -1)
  		options->gss_cleanup_creds = 1;
  	if (options->password_authentication == -1)
[email protected]@ -362,6 +369,7 @@ typedef enum {
[email protected]@ -422,6 +429,7 @@ typedef enum {
  	sBanner, sUseDNS, sHostbasedAuthentication,
- 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
- 	sClientAliveCountMax, sAuthorizedKeysFile,
+ 	sHostbasedUsesNameFromPacketOnly, sHostbasedAcceptedKeyTypes,
+ 	sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile,
 +	sGssKeyEx,
  	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
  	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
  	sUsePrivilegeSeparation, sAllowAgentForwarding,
[email protected]@ -431,6 +439,7 @@ static struct {
[email protected]@ -495,6 +503,7 @@ static struct {
  	{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
  #ifdef GSSAPI
  	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
@@ -868,7 +826,7 @@
  #ifdef USE_GSS_STORE_CRED
  	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
  #else /* USE_GSS_STORE_CRED */
[email protected]@ -438,6 +447,7 @@ static struct {
[email protected]@ -502,6 +511,7 @@ static struct {
  #endif /* USE_GSS_STORE_CRED */
  #else
  	{ "gssapiauthentication", sUnsupported, SSHCFG_ALL },
@@ -876,7 +834,7 @@
  	{ "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL },
  #endif
  	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
[email protected]@ -1159,6 +1169,10 @@ process_server_config_line(ServerOptions
[email protected]@ -1243,6 +1253,10 @@ process_server_config_line(ServerOptions
  		intptr = &options->gss_authentication;
  		goto parse_flag;
  
@@ -887,21 +845,18 @@
  	case sGssCleanupCreds:
  		intptr = &options->gss_cleanup_creds;
  		goto parse_flag;
[email protected]@ -2097,6 +2111,7 @@ dump_config(ServerOptions *o)
[email protected]@ -2233,6 +2247,7 @@ dump_config(ServerOptions *o)
  #endif
  #ifdef GSSAPI
  	dump_cfg_fmtint(sGssAuthentication, o->gss_authentication);
 +	dump_cfg_fmtint(sGssKeyEx, o->gss_keyex);
  	dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds);
  #endif
- #ifdef JPAKE
-Only in new/: servconf.c.orig
-Only in new/: servconf.c.rej
-Only in new/: servconf.c~
+ 	dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication);
 diff -pur old/servconf.h new/servconf.h
---- old/servconf.h	2014-11-19 08:19:53.556446909 -0800
-+++ new/servconf.h	2014-11-19 08:19:53.619133205 -0800
[email protected]@ -116,6 +116,7 @@ typedef struct {
+--- old/servconf.h	2015-05-21 02:51:54.367009782 -0700
++++ new/servconf.h	2015-05-21 02:51:54.524007042 -0700
[email protected]@ -119,6 +119,7 @@ typedef struct {
  	int     kerberos_get_afs_token;		/* If true, try to get AFS token if
  						 * authenticated with Kerberos. */
  	int     gss_authentication;	/* If true, permit GSSAPI authentication */
@@ -909,10 +864,9 @@
  	int     gss_cleanup_creds;	/* If true, destroy cred cache on logout */
  	int     password_authentication;	/* If true, permit password
  						 * authentication. */
-Only in new/: servconf.h.orig
 diff -pur old/ssh-gss.h new/ssh-gss.h
---- old/ssh-gss.h	2013-02-24 16:24:44.000000000 -0800
-+++ new/ssh-gss.h	2014-11-19 08:19:53.619269786 -0800
+--- old/ssh-gss.h	2015-03-16 22:49:20.000000000 -0700
++++ new/ssh-gss.h	2015-05-21 02:51:54.524497644 -0700
 @@ -61,6 +61,17 @@
  
  #define SSH_GSS_OIDTYPE 0x06
@@ -939,7 +893,7 @@
  
  int  ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
  void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
[email protected]@ -120,6 +132,11 @@ void ssh_gssapi_buildmic(Buffer *, const
[email protected]@ -122,6 +134,11 @@ void ssh_gssapi_buildmic(Buffer *, const
  int ssh_gssapi_check_mechanism(Gssctxt **, gss_OID, const char *);
  
  /* In the server */
@@ -951,7 +905,7 @@
  OM_uint32 ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
  int ssh_gssapi_userok(char *name);
  OM_uint32 ssh_gssapi_checkmic(Gssctxt *, gss_buffer_t, gss_buffer_t);
[email protected]@ -127,6 +144,8 @@ void ssh_gssapi_do_child(char ***, u_int
[email protected]@ -129,6 +146,8 @@ void ssh_gssapi_do_child(char ***, u_int
  void ssh_gssapi_cleanup_creds(void);
  void ssh_gssapi_storecreds(void);
  
@@ -960,10 +914,9 @@
  #endif /* GSSAPI */
  
  #endif /* _SSH_GSS_H */
-Only in new/: ssh-gss.h.orig
 diff -pur old/ssh_config new/ssh_config
---- old/ssh_config	2013-10-09 16:24:12.000000000 -0700
-+++ new/ssh_config	2014-11-20 08:14:10.251613588 -0800
+--- old/ssh_config	2015-03-16 22:49:20.000000000 -0700
++++ new/ssh_config	2015-05-21 02:51:54.524781493 -0700
 @@ -26,6 +26,7 @@
  #   HostbasedAuthentication no
  #   GSSAPIAuthentication no
@@ -973,9 +926,9 @@
  #   CheckHostIP yes
  #   AddressFamily any
 diff -pur old/ssh_config.5 new/ssh_config.5
---- old/ssh_config.5	2014-11-19 08:19:53.578521210 -0800
-+++ new/ssh_config.5	2014-11-20 08:15:58.760019866 -0800
[email protected]@ -684,6 +684,12 @@ Specifies whether user authentication ba
+--- old/ssh_config.5	2015-05-21 02:51:54.385795947 -0700
++++ new/ssh_config.5	2015-05-21 02:51:54.525539849 -0700
[email protected]@ -751,6 +751,12 @@ Specifies whether user authentication ba
  The default on Solaris is
  .Dq yes .
  Note that this option applies to protocol version 2 only.
@@ -988,15 +941,12 @@
  .It Cm GSSAPIDelegateCredentials
  Forward (delegate) credentials to the server.
  The default is
-Only in new/: ssh_config.5.orig
-Only in new/: ssh_config.5~
-Only in new/: ssh_config~
 diff -pur old/sshconnect2.c new/sshconnect2.c
---- old/sshconnect2.c	2014-11-19 08:19:53.536674289 -0800
-+++ new/sshconnect2.c	2014-11-20 04:01:10.016195028 -0800
+--- old/sshconnect2.c	2015-05-21 02:51:54.349037357 -0700
++++ new/sshconnect2.c	2015-05-21 02:51:54.526742914 -0700
 @@ -164,9 +164,31 @@ ssh_kex2(char *host, struct sockaddr *ho
- {
- 	Kex *kex;
+ 	struct kex *kex;
+ 	int r;
  
 +#ifdef GSSAPI
 +	char *orig = NULL, *gss = NULL;
@@ -1026,9 +976,9 @@
  	if (options.ciphers == (char *)-1) {
  		logit("No valid ciphers for protocol version 2 given, using defaults.");
  		options.ciphers = NULL;
[email protected]@ -202,6 +224,17 @@ ssh_kex2(char *host, struct sockaddr *ho
- 	if (options.kex_algorithms != NULL)
- 		myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
[email protected]@ -204,6 +226,17 @@ ssh_kex2(char *host, struct sockaddr *ho
+ 	myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
+ 	    myproposal[PROPOSAL_KEX_ALGS]);
  
 +#ifdef GSSAPI
 +	/* If we've got GSSAPI algorithms, then we also support the
@@ -1044,9 +994,9 @@
  	if (options.rekey_limit || options.rekey_interval)
  		packet_set_rekey_limits((u_int32_t)options.rekey_limit,
  		    (time_t)options.rekey_interval);
[email protected]@ -214,9 +247,22 @@ ssh_kex2(char *host, struct sockaddr *ho
- 	kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
- 	kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
[email protected]@ -222,9 +255,22 @@ ssh_kex2(char *host, struct sockaddr *ho
+ # endif
+ #endif
  	kex->kex[KEX_C25519_SHA256] = kexc25519_client;
 +#ifdef GSSAPI
 +	if (options.gss_keyex) {
@@ -1065,17 +1015,17 @@
 +	}
 +#endif
  
- 	xxx_kex = kex;
+ 	dispatch_run(DISPATCH_BLOCK, &kex->done, active_state);
  
[email protected]@ -313,6 +359,7 @@ void	input_gssapi_token(int type, u_int3
- void	input_gssapi_hash(int type, u_int32_t, void *);
- void	input_gssapi_error(int, u_int32_t, void *);
- void	input_gssapi_errtok(int, u_int32_t, void *);
[email protected]@ -317,6 +363,7 @@ int	input_gssapi_token(int type, u_int32
+ int	input_gssapi_hash(int type, u_int32_t, void *);
+ int	input_gssapi_error(int, u_int32_t, void *);
+ int	input_gssapi_errtok(int, u_int32_t, void *);
 +int	userauth_gsskeyex(Authctxt *authctxt);
  #endif
  
  void	userauth(Authctxt *, char *);
[email protected]@ -328,6 +375,11 @@ static char *authmethods_get(void);
[email protected]@ -332,6 +379,11 @@ static char *authmethods_get(void);
  
  Authmethod authmethods[] = {
  #ifdef GSSAPI
@@ -1087,7 +1037,7 @@
  	{"gssapi-with-mic",
  		userauth_gssapi,
  		NULL,
[email protected]@ -649,7 +701,10 @@ userauth_gssapi(Authctxt *authctxt)
[email protected]@ -656,7 +708,10 @@ userauth_gssapi(Authctxt *authctxt)
  	 * once. */
  
  	if (gss_supported == NULL)
@@ -1099,7 +1049,7 @@
  
  	/* Check to see if the mechanism is usable before we offer it */
  	while (mech < gss_supported->count && !ok) {
[email protected]@ -753,8 +808,8 @@ input_gssapi_response(int type, u_int32_
[email protected]@ -760,8 +815,8 @@ input_gssapi_response(int type, u_int32_
  {
  	Authctxt *authctxt = ctxt;
  	Gssctxt *gssctxt;
@@ -1110,9 +1060,9 @@
  
  	if (authctxt == NULL)
  		fatal("input_gssapi_response: no authentication context");
[email protected]@ -863,6 +918,48 @@ input_gssapi_error(int type, u_int32_t p
- 	free(msg);
[email protected]@ -874,6 +929,48 @@ input_gssapi_error(int type, u_int32_t p
  	free(lang);
+ 	return 0;
  }
 +
 +int
@@ -1159,13 +1109,10 @@
  #endif /* GSSAPI */
  
  int
-Only in new/: sshconnect2.c.orig
-Only in new/: sshconnect2.c.rej
-Only in new/: sshconnect2.c~
 diff -pur old/sshd.c new/sshd.c
---- old/sshd.c	2014-11-19 08:19:53.496741742 -0800
-+++ new/sshd.c	2014-11-19 10:39:10.594013263 -0800
[email protected]@ -1730,10 +1730,13 @@ main(int ac, char **av)
+--- old/sshd.c	2015-05-21 02:51:54.419878113 -0700
++++ new/sshd.c	2015-05-21 02:51:54.528004659 -0700
[email protected]@ -1815,10 +1815,13 @@ main(int ac, char **av)
  		logit("Disabling protocol version 1. Could not load host key");
  		options.protocol &= ~SSH_PROTO_1;
  	}
@@ -1179,7 +1126,7 @@
  	if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
  		logit("sshd: no hostkeys available -- exiting.");
  		exit(1);
[email protected]@ -2488,6 +2491,48 @@ do_ssh2_kex(void)
[email protected]@ -2586,6 +2589,48 @@ do_ssh2_kex(void)
  	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal(
  	    list_hostkey_types());
  
@@ -1226,11 +1173,11 @@
 +#endif
 +
  	/* start key exchange */
- 	kex = kex_setup(myproposal);
- 	kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
[email protected]@ -2496,6 +2541,13 @@ do_ssh2_kex(void)
- 	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
- 	kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+ 	if ((r = kex_setup(active_state, myproposal)) != 0)
+ 		fatal("kex_setup: %s", ssh_err(r));
[email protected]@ -2600,6 +2645,13 @@ do_ssh2_kex(void)
+ # endif
+ #endif
  	kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 +#ifdef GSSAPI
 +	if (options.gss_keyex) {
@@ -1242,11 +1189,9 @@
  	kex->server = 1;
  	kex->client_version_string=client_version_string;
  	kex->server_version_string=server_version_string;
-Only in new/: sshd.c.orig
-Only in new/: sshd.c.rej
 diff -pur old/sshd_config new/sshd_config
---- old/sshd_config	2014-01-12 00:20:47.000000000 -0800
-+++ new/sshd_config	2014-11-20 08:14:48.893785772 -0800
+--- old/sshd_config	2015-03-16 22:49:20.000000000 -0700
++++ new/sshd_config	2015-05-21 02:51:54.528526236 -0700
 @@ -82,8 +82,9 @@ AuthorizedKeysFile	.ssh/authorized_keys
  #KerberosGetAFSToken no
  
@@ -1259,9 +1204,9 @@
  # Set this to 'yes' to enable PAM authentication, account processing,
  # and session processing. If this is enabled, PAM authentication will
 diff -pur old/sshd_config.5 new/sshd_config.5
---- old/sshd_config.5	2014-11-19 08:19:53.578781556 -0800
-+++ new/sshd_config.5	2014-11-20 08:17:21.116195335 -0800
[email protected]@ -493,6 +493,12 @@ Specifies whether user authentication ba
+--- old/sshd_config.5	2015-05-21 02:51:54.386222371 -0700
++++ new/sshd_config.5	2015-05-21 02:51:54.529252300 -0700
[email protected]@ -564,6 +564,12 @@ Specifies whether user authentication ba
  The default on Solaris is
  .Dq yes .
  Note that this option applies to protocol version 2 only.
@@ -1274,8 +1219,25 @@
  .It Cm GSSAPICleanupCredentials
  Specifies whether to automatically destroy the user's credentials cache
  on logout.
-Only in new/: sshd_config.5.orig
-Only in new/: sshd_config.5~
-Only in new/: sshd_config.orig
-Only in new/: sshd_config.rej
-Only in new/: sshd_config~
+diff -pur old/sshkey.c new/sshkey.c
+--- old/sshkey.c	2015-03-16 22:49:20.000000000 -0700
++++ new/sshkey.c	2015-05-21 02:51:54.530693373 -0700
[email protected]@ -116,6 +116,7 @@ static const struct keytype keytypes[] =
+ 	{ "[email protected]", "DSA-CERT-V00",
+ 	    KEY_DSA_CERT_V00, 0, 1 },
+ #endif /* WITH_OPENSSL */
++	{ "null", "null", KEY_NULL, 0, 0 },
+ 	{ NULL, NULL, -1, -1, 0 }
+ };
+ 
+diff -pur old/sshkey.h new/sshkey.h
+--- old/sshkey.h	2015-03-16 22:49:20.000000000 -0700
++++ new/sshkey.h	2015-05-21 02:51:54.531066246 -0700
[email protected]@ -64,6 +64,7 @@ enum sshkey_types {
+ 	KEY_ED25519_CERT,
+ 	KEY_RSA_CERT_V00,
+ 	KEY_DSA_CERT_V00,
++	KEY_NULL,
+ 	KEY_UNSPEC
+ };
+ 
--- a/components/openssh/patches/024-disable_ed25519.patch	Wed Jun 17 14:55:22 2015 -0700
+++ b/components/openssh/patches/024-disable_ed25519.patch	Thu Jun 18 07:01:42 2015 -0700
@@ -2,14 +2,14 @@
 # Per Solaris crypto team recommendation, we need to remove support for
 # Curve25519 from OpenSSH.
 #
-# Patch offered upstream:
+# Patch offered upstream but rejected:
 #     https://bugzilla.mindrot.org/show_bug.cgi?id=2376
 #
 diff -pur old/Makefile.in new/Makefile.in
---- old/Makefile.in	2015-03-31 21:14:02.427499635 -0700
-+++ new/Makefile.in	2015-04-02 02:30:04.830658823 -0700
[email protected]@ -141,7 +141,7 @@ $(SSHDOBJS): Makefile.in config.h
- 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $<
+--- old/Makefile.in	2015-05-12 06:57:55.737824435 -0700
++++ new/Makefile.in	2015-05-12 06:57:55.859410671 -0700
[email protected]@ -155,7 +155,7 @@ $(SSHDOBJS): Makefile.in config.h
+ 	$(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o [email protected]
  
  LIBCOMPAT=openbsd-compat/libopenbsd-compat.a
 -$(LIBCOMPAT): always
@@ -18,12 +18,12 @@
  always:
  
 diff -pur old/authfd.c new/authfd.c
---- old/authfd.c	2013-12-28 22:49:56.000000000 -0800
-+++ new/authfd.c	2015-04-01 01:53:06.534109950 -0700
[email protected]@ -508,8 +508,10 @@ ssh_add_identity_constrained(Authenticat
- 	case KEY_DSA_CERT_V00:
+--- old/authfd.c	2015-03-16 22:49:20.000000000 -0700
++++ new/authfd.c	2015-05-12 06:57:55.860206664 -0700
[email protected]@ -569,8 +569,10 @@ ssh_add_identity_constrained(int sock, s
  	case KEY_ECDSA:
  	case KEY_ECDSA_CERT:
+ #endif
 +#ifndef WITHOUT_ED25519
  	case KEY_ED25519:
  	case KEY_ED25519_CERT:
@@ -32,127 +32,118 @@
  		    SSH2_AGENTC_ADD_ID_CONSTRAINED :
  		    SSH2_AGENTC_ADD_IDENTITY;
 diff -pur old/authfile.c new/authfile.c
---- old/authfile.c	2013-12-28 22:50:15.000000000 -0800
-+++ new/authfile.c	2015-04-01 05:27:03.024708427 -0700
[email protected]@ -597,9 +597,11 @@ key_private_to_blob(Key *key, Buffer *bl
- 			    comment, new_format_cipher, new_format_rounds);
- 		}
- 		return key_private_pem_to_blob(key, blob, passphrase, comment);
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
- 		return key_private_to_blob2(key, blob, passphrase,
- 		    comment, new_format_cipher, new_format_rounds);
-+#endif /* WITHOUT_ED25519 */
- 	default:
- 		error("%s: cannot save key type %d", __func__, key->type);
- 		return 0;
[email protected]@ -1005,8 +1007,10 @@ key_parse_private_type(Buffer *blob, int
- 	case KEY_ECDSA:
- 	case KEY_RSA:
- 		return key_parse_private_pem(blob, type, passphrase, commentp);
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
- 		return key_parse_private2(blob, type, passphrase, commentp);
-+#endif /* WITHOUT_ED25519 */
- 	case KEY_UNSPEC:
- 		if ((k = key_parse_private2(blob, type, passphrase, commentp)))
- 			return k;
[email protected]@ -1213,7 +1217,9 @@ key_load_private_cert(int type, const ch
+--- old/authfile.c	2015-03-16 22:49:20.000000000 -0700
++++ new/authfile.c	2015-05-12 06:57:55.860669228 -0700
[email protected]@ -446,8 +446,10 @@ sshkey_load_private_cert(int type, const
  	case KEY_RSA:
  	case KEY_DSA:
  	case KEY_ECDSA:
+-	case KEY_ED25519:
+ #endif /* WITH_OPENSSL */
 +#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
++	case KEY_ED25519:
 +#endif /* WITHOUT_ED25519 */
+ 	case KEY_UNSPEC:
  		break;
  	default:
- 		error("%s: unsupported key type", __func__);
-diff -pur old/crypto_api.h new/crypto_api.h
---- old/crypto_api.h	2014-01-16 17:31:34.000000000 -0800
-+++ new/crypto_api.h	2015-04-02 00:35:29.952105991 -0700
[email protected]@ -26,7 +26,7 @@ int	crypto_hashblocks_sha512(unsigned ch
- 
- #define crypto_hash_sha512_BYTES 64U
+diff -pur old/dns.c new/dns.c
+--- old/dns.c	2015-03-16 22:49:20.000000000 -0700
++++ new/dns.c	2015-05-12 06:57:55.861065113 -0700
[email protected]@ -100,11 +100,13 @@ dns_read_key(u_int8_t *algorithm, u_int8
+ 		if (!*digest_type)
+ 			*digest_type = SSHFP_HASH_SHA256;
+ 		break;
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
+ 		*algorithm = SSHFP_KEY_ED25519;
+ 		if (!*digest_type)
+ 			*digest_type = SSHFP_HASH_SHA256;
+ 		break;
++#endif /* WITHOUT_ED25519 */
+ 	default:
+ 		*algorithm = SSHFP_KEY_RESERVED; /* 0 */
+ 		*digest_type = SSHFP_HASH_RESERVED; /* 0 */
+diff -pur old/dns.h new/dns.h
+--- old/dns.h	2015-03-16 22:49:20.000000000 -0700
++++ new/dns.h	2015-05-12 06:57:55.861358245 -0700
[email protected]@ -33,7 +33,9 @@ enum sshfp_types {
+ 	SSHFP_KEY_RSA = 1,
+ 	SSHFP_KEY_DSA = 2,
+ 	SSHFP_KEY_ECDSA = 3,
++#ifndef WITHOUT_ED25519
+ 	SSHFP_KEY_ED25519 = 4 
++#endif /* WITHOUT_ED25519 */
+ };
  
--int	crypto_hash_sha512(unsigned char *, const unsigned char *,
-+extern int	crypto_hash_sha512(unsigned char *, const unsigned char *,
-     unsigned long long);
- 
- int	crypto_verify_32(const unsigned char *, const unsigned char *);
+ enum sshfp_hashes {
 diff -pur old/ed25519.c new/ed25519.c
---- old/ed25519.c	2013-12-17 22:48:11.000000000 -0800
-+++ new/ed25519.c	2015-04-01 09:03:04.052497535 -0700
[email protected]@ -6,6 +6,8 @@
-  * Copied from supercop-20130419/crypto_sign/ed25519/ref/ed25519.c
+--- old/ed25519.c	2015-03-16 22:49:20.000000000 -0700
++++ new/ed25519.c	2015-05-12 06:57:55.861707517 -0700
[email protected]@ -7,6 +7,7 @@
   */
  
+ #include "includes.h"
 +#ifndef WITHOUT_ED25519
-+
- #include "includes.h"
  #include "crypto_api.h"
  
[email protected]@ -142,3 +144,4 @@ int crypto_sign_ed25519_open(
+ #include "ge25519.h"
[email protected]@ -142,3 +143,4 @@ int crypto_sign_ed25519_open(
    }
    return ret;
  }
 +#endif /* WITHOUT_ED25519 */
 diff -pur old/fe25519.c new/fe25519.c
---- old/fe25519.c	2014-01-16 17:43:44.000000000 -0800
-+++ new/fe25519.c	2015-04-01 03:48:12.251955071 -0700
[email protected]@ -6,6 +6,8 @@
-  * Copied from supercop-20130419/crypto_sign/ed25519/ref/fe25519.c
-  */
+--- old/fe25519.c	2015-03-16 22:49:20.000000000 -0700
++++ new/fe25519.c	2015-05-12 06:57:55.862124169 -0700
[email protected]@ -8,6 +8,7 @@
+ 
+ #include "includes.h"
  
 +#ifndef WITHOUT_ED25519
-+
- #include "includes.h"
+ #define WINDOWSIZE 1 /* Should be 1,2, or 4 */
+ #define WINDOWMASK ((1<<WINDOWSIZE)-1)
  
- #define WINDOWSIZE 1 /* Should be 1,2, or 4 */
[email protected]@ -335,3 +337,5 @@ void fe25519_pow2523(fe25519 *r, const f
[email protected]@ -335,3 +336,4 @@ void fe25519_pow2523(fe25519 *r, const f
  	/* 2^252 - 2^2 */ fe25519_square(&t,&t);
  	/* 2^252 - 3 */ fe25519_mul(r,&t,x);
  }
-+
 +#endif /* WITHOUT_ED25519 */
 diff -pur old/fe25519.h new/fe25519.h
---- old/fe25519.h	2013-12-17 22:48:11.000000000 -0800
-+++ new/fe25519.h	2015-04-01 03:47:56.992321351 -0700
[email protected]@ -9,6 +9,8 @@
+--- old/fe25519.h	2015-03-16 22:49:20.000000000 -0700
++++ new/fe25519.h	2015-05-12 06:57:55.862460867 -0700
[email protected]@ -8,6 +8,7 @@
+ 
  #ifndef FE25519_H
  #define FE25519_H
++#ifndef WITHOUT_ED25519
  
-+#ifndef WITHOUT_ED25519
-+
  #include "crypto_api.h"
  
- #define fe25519              crypto_sign_ed25519_ref_fe25519
[email protected]@ -67,4 +69,5 @@ void fe25519_invert(fe25519 *r, const fe
[email protected]@ -67,4 +68,5 @@ void fe25519_invert(fe25519 *r, const fe
  
  void fe25519_pow2523(fe25519 *r, const fe25519 *x);
  
 +#endif /* WITHOUT_ED25519 */
  #endif
 diff -pur old/ge25519.c new/ge25519.c
---- old/ge25519.c	2014-01-16 17:43:44.000000000 -0800
-+++ new/ge25519.c	2015-04-01 03:47:40.144323636 -0700
[email protected]@ -6,6 +6,8 @@
-  * Copied from supercop-20130419/crypto_sign/ed25519/ref/ge25519.c
+--- old/ge25519.c	2015-03-16 22:49:20.000000000 -0700
++++ new/ge25519.c	2015-05-12 06:57:55.862878000 -0700
[email protected]@ -7,6 +7,7 @@
   */
  
+ #include "includes.h"
 +#ifndef WITHOUT_ED25519
-+
- #include "includes.h"
  
  #include "fe25519.h"
[email protected]@ -319,3 +321,5 @@ void ge25519_scalarmult_base(ge25519_p3
+ #include "sc25519.h"
[email protected]@ -319,3 +320,4 @@ void ge25519_scalarmult_base(ge25519_p3
      ge25519_mixadd2(r, &t);
    }
  }
-+
 +#endif /* WITHOUT_ED25519 */
 diff -pur old/ge25519.h new/ge25519.h
---- old/ge25519.h	2013-12-17 22:48:11.000000000 -0800
-+++ new/ge25519.h	2015-04-01 03:47:22.801071311 -0700
+--- old/ge25519.h	2015-03-16 22:49:20.000000000 -0700
++++ new/ge25519.h	2015-05-12 06:57:55.863212105 -0700
 @@ -8,6 +8,7 @@
  
  #ifndef GE25519_H
@@ -168,21 +159,24 @@
 +#endif /* WITHOUT_ED25519 */
  #endif
 diff -pur old/kex.c new/kex.c
---- old/kex.c	2015-03-31 21:14:02.430475216 -0700
-+++ new/kex.c	2015-04-01 04:49:49.142934463 -0700
[email protected]@ -91,7 +91,7 @@ static const struct kexalg kexalgs[] = {
- # endif
- #endif
- 	{ KEX_DH1, KEX_DH_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
--#ifdef HAVE_EVP_SHA256
-+#if defined(HAVE_EVP_SHA256) && !defined(WITHOUT_ED25519)
+--- old/kex.c	2015-05-12 06:57:55.741193024 -0700
++++ new/kex.c	2015-05-12 07:00:10.308904895 -0700
[email protected]@ -96,9 +96,11 @@ static const struct kexalg kexalgs[] = {
+ # endif /* OPENSSL_HAS_NISTP521 */
+ #endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ #if defined(HAVE_EVP_SHA256) || !defined(WITH_OPENSSL)
  	{ KEX_CURVE25519_SHA256, KEX_C25519_SHA256, 0, SSH_DIGEST_SHA256 },
- #endif
+ #endif /* HAVE_EVP_SHA256 || !WITH_OPENSSL */
++#endif /* WITHOUT_ED25519 */
  #ifdef GSSAPI
+ 	{ KEX_GSS_GEX_SHA1_ID, KEX_GSS_GEX_SHA1, 0, SSH_DIGEST_SHA1 },
+ 	{ KEX_GSS_GRP1_SHA1_ID, KEX_GSS_GRP1_SHA1, 0, SSH_DIGEST_SHA1 },
 diff -pur old/kex.h new/kex.h
---- old/kex.h	2015-03-31 21:14:02.430845488 -0700
-+++ new/kex.h	2015-04-01 04:58:55.837357472 -0700
[email protected]@ -43,7 +43,9 @@
+--- old/kex.h	2015-05-12 06:57:55.741694192 -0700
++++ new/kex.h	2015-05-12 07:01:49.320801815 -0700
[email protected]@ -58,13 +58,17 @@
  #define	KEX_ECDH_SHA2_NISTP256	"ecdh-sha2-nistp256"
  #define	KEX_ECDH_SHA2_NISTP384	"ecdh-sha2-nistp384"
  #define	KEX_ECDH_SHA2_NISTP521	"ecdh-sha2-nistp521"
@@ -192,7 +186,15 @@
  
  #define COMP_NONE	0
  #define COMP_ZLIB	1
[email protected]@ -75,7 +77,9 @@ enum kex_exchange {
+ #define COMP_DELAYED	2
+ 
++#ifndef WITHOUT_ED25519
+ #define CURVE25519_SIZE 32
++#endif /* WITHOUT_ED25519 */
+ 
+ enum kex_init_proposals {
+ 	PROPOSAL_KEX_ALGS,
[email protected]@ -92,7 +96,9 @@ enum kex_exchange {
  	KEX_DH_GEX_SHA1,
  	KEX_DH_GEX_SHA256,
  	KEX_ECDH_SHA2,
@@ -202,567 +204,175 @@
  	KEX_GSS_GRP1_SHA1,
  	KEX_GSS_GRP14_SHA1,
  	KEX_GSS_GEX_SHA1,
[email protected]@ -172,8 +176,10 @@ void	 kexgex_client(Kex *);
- void	 kexgex_server(Kex *);
- void	 kexecdh_client(Kex *);
- void	 kexecdh_server(Kex *);
[email protected]@ -160,8 +166,10 @@ struct kex {
+ 	u_int	min, max, nbits;	/* GEX */
+ 	EC_KEY	*ec_client_key;		/* ECDH */
+ 	const EC_GROUP *ec_group;	/* ECDH */
 +#ifndef WITHOUT_ED25519
- void	 kexc25519_client(Kex *);
- void	 kexc25519_server(Kex *);
+ 	u_char c25519_client_key[CURVE25519_SIZE]; /* 25519 */
+ 	u_char c25519_client_pubkey[CURVE25519_SIZE]; /* 25519 */
 +#endif /* WITHOUT_ED25519 */
+ };
  
+ int	 kex_names_valid(const char *);
[email protected]@ -188,8 +196,10 @@ int	 kexgex_client(struct ssh *);
+ int	 kexgex_server(struct ssh *);
+ int	 kexecdh_client(struct ssh *);
+ int	 kexecdh_server(struct ssh *);
++#ifndef WITHOUT_ED25519
+ int	 kexc25519_client(struct ssh *);
+ int	 kexc25519_server(struct ssh *);
++#endif /* WITHOUT_ED25519 */
  #ifdef GSSAPI
- void	kexgss_client(Kex *);
[email protected]@ -193,6 +199,7 @@ kex_ecdh_hash(int, const EC_GROUP *, cha
-     char *, int, u_char *, int, const EC_POINT *, const EC_POINT *,
-     const BIGNUM *, u_char **, u_int *);
- #endif
+ int	 kexgss_client(Kex *);
+ void	 kexgss_server(Kex *);
[email protected]@ -210,6 +220,7 @@ int kex_ecdh_hash(int, const EC_GROUP *,
+     const u_char *, size_t, const u_char *, size_t, const u_char *, size_t,
+     const EC_POINT *, const EC_POINT *, const BIGNUM *, u_char *, size_t *);
+ 
 +#ifndef WITHOUT_ED25519
- void
- kex_c25519_hash(int, char *, char *, char *, int,
-     char *, int, u_char *, int, const u_char *, const u_char *,
[email protected]@ -206,6 +213,7 @@ void kexc25519_shared_key(const u_char k
-     const u_char pub[CURVE25519_SIZE], Buffer *out)
+ int	 kex_c25519_hash(int, const char *, const char *, const char *, size_t,
+     const char *, size_t, const u_char *, size_t, const u_char *, const u_char *,
+     const u_char *, size_t, u_char *, size_t *);
[email protected]@ -221,6 +232,7 @@ int	kexc25519_shared_key(const u_char ke
+     const u_char pub[CURVE25519_SIZE], struct sshbuf *out)
  	__attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE)))
  	__attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE)));
 +#endif /* WITHOUT_ED25519 */
  
- void
+ int
  derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
 diff -pur old/kexc25519.c new/kexc25519.c
---- old/kexc25519.c	2014-01-12 00:21:23.000000000 -0800
-+++ new/kexc25519.c	2015-04-01 04:52:44.039054396 -0700
[email protected]@ -25,6 +25,8 @@
-  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-  */
+--- old/kexc25519.c	2015-03-16 22:49:20.000000000 -0700
++++ new/kexc25519.c	2015-05-12 06:57:55.865837542 -0700
[email protected]@ -27,6 +27,7 @@
+ 
+ #include "includes.h"
  
 +#ifndef WITHOUT_ED25519
-+
- #include "includes.h"
+ #include <sys/types.h>
  
- #include <sys/types.h>
[email protected]@ -120,3 +122,5 @@ kex_c25519_hash(
- 	*hash = digest;
- 	*hashlen = ssh_digest_bytes(hash_alg);
+ #include <signal.h>
[email protected]@ -126,3 +127,4 @@ kex_c25519_hash(
+ #endif
+ 	return 0;
  }
-+
 +#endif /* WITHOUT_ED25519 */
 diff -pur old/kexc25519c.c new/kexc25519c.c
---- old/kexc25519c.c	2014-01-12 00:21:23.000000000 -0800
-+++ new/kexc25519c.c	2015-04-01 04:52:57.326754535 -0700
[email protected]@ -25,6 +25,8 @@
-  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-  */
+--- old/kexc25519c.c	2015-03-16 22:49:20.000000000 -0700
++++ new/kexc25519c.c	2015-05-12 06:57:55.866212606 -0700
[email protected]@ -27,6 +27,7 @@
  
-+#ifndef WITHOUT_ED25519
-+
  #include "includes.h"
  
++#ifndef WITHOUT_ED25519
  #include <sys/types.h>
[email protected]@ -127,3 +129,5 @@ kexc25519_client(Kex *kex)
- 	buffer_free(&shared_secret);
- 	kex_finish(kex);
+ 
+ #include <stdio.h>
[email protected]@ -168,3 +169,4 @@ out:
+ 	sshbuf_free(shared_secret);
+ 	return r;
  }
-+
 +#endif /* WITHOUT_ED25519 */
 diff -pur old/kexc25519s.c new/kexc25519s.c
---- old/kexc25519s.c	2014-01-12 00:21:23.000000000 -0800
-+++ new/kexc25519s.c	2015-04-01 04:53:14.320854854 -0700
[email protected]@ -24,6 +24,8 @@
-  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-  */
+--- old/kexc25519s.c	2015-03-16 22:49:20.000000000 -0700
++++ new/kexc25519s.c	2015-05-12 06:57:55.866584623 -0700
[email protected]@ -26,6 +26,8 @@
+ 
+ #include "includes.h"
  
 +#ifndef WITHOUT_ED25519
 +
- #include "includes.h"
- 
  #include <sys/types.h>
[email protected]@ -124,3 +126,5 @@ kexc25519_server(Kex *kex)
- 	buffer_free(&shared_secret);
- 	kex_finish(kex);
+ #include <string.h>
+ #include <signal.h>
[email protected]@ -156,3 +158,4 @@ out:
+ 	sshbuf_free(shared_secret);
+ 	return r;
  }
-+
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/key.c new/key.c
---- old/key.c	2015-03-31 21:14:02.432016878 -0700
-+++ new/key.c	2015-04-01 02:05:27.074044366 -0700
[email protected]@ -89,8 +89,10 @@ key_new(int type)
- 	k->dsa = NULL;
- 	k->rsa = NULL;
- 	k->cert = NULL;
-+#ifndef WITHOUT_ED25519
- 	k->ed25519_sk = NULL;
- 	k->ed25519_pk = NULL;
-+#endif /* WITHOUT_ED25519 */
- 	switch (k->type) {
- 	case KEY_RSA1:
- 	case KEY_RSA:
[email protected]@ -125,10 +127,12 @@ key_new(int type)
- 		/* Cannot do anything until we know the group */
- 		break;
- #endif
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
- 	case KEY_ED25519_CERT:
- 		/* no need to prealloc */
- 		break;
-+#endif /* WITHOUT_ED25519 */
- 	case KEY_UNSPEC:
- 		break;
- 	default:
[email protected]@ -173,10 +177,12 @@ key_add_private(Key *k)
- 	case KEY_ECDSA_CERT:
- 		/* Cannot do anything until we know the group */
- 		break;
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
- 	case KEY_ED25519_CERT:
- 		/* no need to prealloc */
- 		break;
-+#endif /* WITHOUT_ED25519 */
- 	case KEY_UNSPEC:
- 		break;
- 	default:
[email protected]@ -239,6 +245,7 @@ key_free(Key *k)
- 		k->ecdsa = NULL;
- 		break;
- #endif
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
- 	case KEY_ED25519_CERT:
- 		if (k->ed25519_pk) {
[email protected]@ -252,6 +259,7 @@ key_free(Key *k)
- 			k->ed25519_sk = NULL;
- 		}
- 		break;
-+#endif /* WITHOUT_ED25519 */
- 	case KEY_UNSPEC:
- 		break;
- 	default:
[email protected]@ -333,10 +341,12 @@ key_equal_public(const Key *a, const Key
- 		BN_CTX_free(bnctx);
- 		return 1;
- #endif /* OPENSSL_HAS_ECC */
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
- 	case KEY_ED25519_CERT:
- 		return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&
- 		    memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0;
-+#endif /* WITHOUT_ED25519 */
- 	default:
- 		fatal("key_equal: bad key type %d", a->type);
- 	}
[email protected]@ -392,7 +402,9 @@ key_fingerprint_raw(const Key *k, enum f
- 	case KEY_DSA:
- 	case KEY_ECDSA:
- 	case KEY_RSA:
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
-+#endif /* WITHOUT_ED25519 */
- 		key_to_blob(k, &blob, &len);
- 		break;
- 	case KEY_DSA_CERT_V00:
[email protected]@ -400,7 +412,9 @@ key_fingerprint_raw(const Key *k, enum f
- 	case KEY_DSA_CERT:
- 	case KEY_ECDSA_CERT:
- 	case KEY_RSA_CERT:
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- 		/* We want a fingerprint of the _key_ not of the cert */
- 		to_blob(k, &blob, &len, 1);
- 		break;
[email protected]@ -728,13 +742,17 @@ key_read(Key *ret, char **cpp)
- 	case KEY_RSA:
- 	case KEY_DSA:
- 	case KEY_ECDSA:
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
-+#endif /* WITHOUT_ED25519 */
- 	case KEY_DSA_CERT_V00:
- 	case KEY_RSA_CERT_V00:
- 	case KEY_DSA_CERT:
- 	case KEY_ECDSA_CERT:
- 	case KEY_RSA_CERT:
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- 		space = strchr(cp, ' ');
- 		if (space == NULL) {
- 			debug3("key_read: missing whitespace");
[email protected]@ -836,6 +854,7 @@ key_read(Key *ret, char **cpp)
- #endif
- 		}
- #endif
-+#ifndef WITHOUT_ED25519
- 		if (key_type_plain(ret->type) == KEY_ED25519) {
- 			free(ret->ed25519_pk);
- 			ret->ed25519_pk = k->ed25519_pk;
[email protected]@ -844,6 +863,7 @@ key_read(Key *ret, char **cpp)
- 			/* XXX */
- #endif
- 		}
-+#endif /* WITHOUT_ED25519 */
- 		success = 1;
- /*XXXX*/
- 		key_free(k);
[email protected]@ -907,11 +927,13 @@ key_write(const Key *key, FILE *f)
- 			return 0;
- 		break;
- #endif
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
- 	case KEY_ED25519_CERT:
- 		if (key->ed25519_pk == NULL)
- 			return 0;
- 		break;
-+#endif /* WITHOUT_ED25519 */
- 	case KEY_RSA:
- 	case KEY_RSA_CERT_V00:
- 	case KEY_RSA_CERT:
[email protected]@ -959,7 +981,9 @@ static const struct keytype keytypes[] =
- 	{ NULL, "RSA1", KEY_RSA1, 0, 0 },
- 	{ "ssh-rsa", "RSA", KEY_RSA, 0, 0 },
- 	{ "ssh-dss", "DSA", KEY_DSA, 0, 0 },
-+#ifndef WITHOUT_ED25519
- 	{ "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 },
-+#endif /* WITHOUT_ED25519 */
- #ifdef OPENSSL_HAS_ECC
- 	{ "ecdsa-sha2-nistp256", "ECDSA", KEY_ECDSA, NID_X9_62_prime256v1, 0 },
- 	{ "ecdsa-sha2-nistp384", "ECDSA", KEY_ECDSA, NID_secp384r1, 0 },
[email protected]@ -983,8 +1007,10 @@ static const struct keytype keytypes[] =
- 	    KEY_RSA_CERT_V00, 0, 1 },
- 	{ "[email protected]", "DSA-CERT-V00",
- 	    KEY_DSA_CERT_V00, 0, 1 },
-+#ifndef WITHOUT_ED25519
- 	{ "[email protected]", "ED25519-CERT",
- 	    KEY_ED25519_CERT, 0, 1 },
-+#endif /* WITHOUT_ED25519 */
- 	{ "null", "null", KEY_NULL, 0, 0 },
- 	{ NULL, NULL, -1, -1, 0 }
- };
[email protected]@ -1097,7 +1123,9 @@ key_type_is_valid_ca(int type)
- 	case KEY_RSA:
- 	case KEY_DSA:
- 	case KEY_ECDSA:
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
-+#endif /* WITHOUT_ED25519 */
- 		return 1;
- 	default:
- 		return 0;
[email protected]@ -1117,8 +1145,10 @@ key_size(const Key *k)
- 	case KEY_DSA_CERT_V00:
- 	case KEY_DSA_CERT:
- 		return BN_num_bits(k->dsa->p);
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
- 		return 256;	/* XXX */
-+#endif /* WITHOUT_ED25519 */
- #ifdef OPENSSL_HAS_ECC
- 	case KEY_ECDSA:
- 	case KEY_ECDSA_CERT:
[email protected]@ -1262,11 +1292,13 @@ key_generate(int type, u_int bits)
- 	case KEY_RSA1:
- 		k->rsa = rsa_generate_private_key(bits);
- 		break;
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
- 		k->ed25519_pk = xmalloc(ED25519_PK_SZ);
- 		k->ed25519_sk = xmalloc(ED25519_SK_SZ);
- 		crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk);
- 		break;
 +#endif /* WITHOUT_ED25519 */
- 	case KEY_RSA_CERT_V00:
- 	case KEY_DSA_CERT_V00:
- 	case KEY_RSA_CERT:
[email protected]@ -1360,6 +1392,7 @@ key_from_private(const Key *k)
- 		    (BN_copy(n->rsa->e, k->rsa->e) == NULL))
- 			fatal("key_from_private: BN_copy failed");
- 		break;
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
- 	case KEY_ED25519_CERT:
- 		n = key_new(k->type);
[email protected]@ -1368,6 +1401,7 @@ key_from_private(const Key *k)
- 			memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
- 		}
- 		break;
-+#endif /* WITHOUT_ED25519 */
- 	default:
- 		fatal("key_from_private: unknown type %d", k->type);
- 		break;
[email protected]@ -1629,6 +1663,7 @@ key_from_blob2(const u_char *blob, u_int
- #endif
- 		break;
- #endif /* OPENSSL_HAS_ECC */
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519_CERT:
- 		(void)buffer_get_string_ptr_ret(&b, NULL); /* Skip nonce */
- 		/* FALLTHROUGH */
[email protected]@ -1646,6 +1681,7 @@ key_from_blob2(const u_char *blob, u_int
- 		key->ed25519_pk = pk;
- 		pk = NULL;
- 		break;
-+#endif /* WITHOUT_ED25519 */
- 	case KEY_UNSPEC:
- 		key = key_new(type);
- 		break;
[email protected]@ -1700,7 +1736,9 @@ to_blob(const Key *key, u_char **blobp,
- 	case KEY_DSA_CERT:
- 	case KEY_ECDSA_CERT:
- 	case KEY_RSA_CERT:
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519_CERT:
-+#endif /* WITHOUT_ED25519 */
- 		/* Use the existing blob */
- 		buffer_append(&b, buffer_ptr(&key->cert->certblob),
- 		    buffer_len(&key->cert->certblob));
[email protected]@ -1728,11 +1766,13 @@ to_blob(const Key *key, u_char **blobp,
- 		buffer_put_bignum2(&b, key->rsa->e);
- 		buffer_put_bignum2(&b, key->rsa->n);
- 		break;
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
- 		buffer_put_cstring(&b,
- 		    key_ssh_name_from_type_nid(type, key->ecdsa_nid));
- 		buffer_put_string(&b, key->ed25519_pk, ED25519_PK_SZ);
- 		break;
-+#endif /* WITHOUT_ED25519 */
- 	default:
- 		error("key_to_blob: unsupported key type %d", key->type);
- 		buffer_free(&b);
[email protected]@ -1776,9 +1816,11 @@ key_sign(
- 	case KEY_RSA_CERT:
- 	case KEY_RSA:
- 		return ssh_rsa_sign(key, sigp, lenp, data, datalen);
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
- 	case KEY_ED25519_CERT:
- 		return ssh_ed25519_sign(key, sigp, lenp, data, datalen);
-+#endif /* WITHOUT_ED25519 */
- 	default:
- 		error("key_sign: invalid key type %d", key->type);
- 		return -1;
[email protected]@ -1812,9 +1854,11 @@ key_verify(
- 	case KEY_RSA_CERT:
- 	case KEY_RSA:
- 		return ssh_rsa_verify(key, signature, signaturelen, data, datalen);
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
- 	case KEY_ED25519_CERT:
- 		return ssh_ed25519_verify(key, signature, signaturelen, data, datalen);
-+#endif /* WITHOUT_ED25519 */
- 	default:
- 		error("key_verify: invalid key type %d", key->type);
- 		return -1;
[email protected]@ -1834,8 +1878,10 @@ key_demote(const Key *k)
- 	pk->dsa = NULL;
- 	pk->ecdsa = NULL;
- 	pk->rsa = NULL;
-+#ifndef WITHOUT_ED25519
- 	pk->ed25519_pk = NULL;
- 	pk->ed25519_sk = NULL;
-+#endif /* WITHOUT_ED25519 */
- 
- 	switch (k->type) {
- 	case KEY_RSA_CERT_V00:
[email protected]@ -1879,6 +1925,7 @@ key_demote(const Key *k)
- 			fatal("key_demote: EC_KEY_set_public_key failed");
- 		break;
- #endif
+diff -pur old/monitor.c new/monitor.c
+--- old/monitor.c	2015-05-12 06:57:55.743678816 -0700
++++ new/monitor.c	2015-05-12 07:02:27.111640142 -0700
[email protected]@ -1937,7 +1937,9 @@ monitor_apply_keystate(struct monitor *p
+ 		kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+ # endif
+ #endif /* WITH_OPENSSL */
 +#ifndef WITHOUT_ED25519
- 	case KEY_ED25519_CERT:
- 		key_cert_copy(k, pk);
- 		/* FALLTHROUGH */
[email protected]@ -1888,6 +1935,7 @@ key_demote(const Key *k)
- 			memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
- 		}
- 		break;
-+#endif /* WITHOUT_ED25519 */
- 	default:
- 		fatal("key_demote: bad key type %d", k->type);
- 		break;
[email protected]@ -1917,8 +1965,10 @@ key_type_plain(int type)
- 		return KEY_DSA;
- 	case KEY_ECDSA_CERT:
- 		return KEY_ECDSA;
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519_CERT:
- 		return KEY_ED25519;
-+#endif /* WITHOUT_ED25519 */
- 	default:
- 		return type;
- 	}
[email protected]@ -1944,6 +1994,7 @@ key_to_certified(Key *k, int legacy)
- 		k->cert = cert_new();
- 		k->type = KEY_ECDSA_CERT;
- 		return 0;
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
- 		if (legacy)
- 			fatal("%s: legacy ED25519 certificates are not "
[email protected]@ -1951,6 +2002,7 @@ key_to_certified(Key *k, int legacy)
- 		k->cert = cert_new();
- 		k->type = KEY_ED25519_CERT;
- 		return 0;
-+#endif /* WITHOUT_ED25519 */
- 	default:
- 		error("%s: key has incorrect type %s", __func__, key_type(k));
- 		return -1;
[email protected]@ -2029,10 +2081,12 @@ key_certify(Key *k, Key *ca)
- 		buffer_put_bignum2(&k->cert->certblob, k->rsa->e);
- 		buffer_put_bignum2(&k->cert->certblob, k->rsa->n);
- 		break;
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519_CERT:
- 		buffer_put_string(&k->cert->certblob,
- 		    k->ed25519_pk, ED25519_PK_SZ);
- 		break;
+ 		kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 +#endif /* WITHOUT_ED25519 */
- 	default:
- 		error("%s: key has incorrect type %s", __func__, key_type(k));
- 		buffer_clear(&k->cert->certblob);
[email protected]@ -2450,6 +2504,7 @@ key_private_serialize(const Key *key, Bu
- 		buffer_put_bignum2(b, EC_KEY_get0_private_key(key->ecdsa));
- 		break;
- #endif /* OPENSSL_HAS_ECC */
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
- 		buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);
- 		buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ);
[email protected]@ -2462,6 +2517,7 @@ key_private_serialize(const Key *key, Bu
- 		buffer_put_string(b, key->ed25519_pk, ED25519_PK_SZ);
- 		buffer_put_string(b, key->ed25519_sk, ED25519_SK_SZ);
- 		break;
-+#endif /* WITHOUT_ED25519 */
- 	}
- }
- 
[email protected]@ -2576,6 +2632,7 @@ key_private_deserialize(Buffer *blob)
- 		buffer_get_bignum2(blob, k->rsa->p);
- 		buffer_get_bignum2(blob, k->rsa->q);
- 		break;
-+#ifndef WITHOUT_ED25519
- 	case KEY_ED25519:
- 		k = key_new_private(type);
- 		k->ed25519_pk = buffer_get_string(blob, &pklen);
[email protected]@ -2602,6 +2659,7 @@ key_private_deserialize(Buffer *blob)
- 			fatal("%s: ed25519 sklen %d != %d",
- 			    __func__, sklen, ED25519_SK_SZ);
- 		break;
-+#endif /* WITHOUT_ED25519 */
- 	default:
- 		free(type_name);
- 		buffer_clear(blob);
-diff -pur old/key.h new/key.h
---- old/key.h	2015-03-31 21:14:02.432362912 -0700
-+++ new/key.h	2015-04-01 02:07:01.018270150 -0700
[email protected]@ -39,11 +39,15 @@ enum types {
- 	KEY_RSA,
- 	KEY_DSA,
- 	KEY_ECDSA,
-+#ifndef WITHOUT_ED25519
- 	KEY_ED25519,
-+#endif /* WITHOUT_ED25519 */
- 	KEY_RSA_CERT,
- 	KEY_DSA_CERT,
- 	KEY_ECDSA_CERT,
-+#ifndef WITHOUT_ED25519
- 	KEY_ED25519_CERT,
-+#endif /* WITHOUT_ED25519 */
- 	KEY_RSA_CERT_V00,
- 	KEY_DSA_CERT_V00,
- 	KEY_NULL,
[email protected]@ -89,12 +93,16 @@ struct Key {
- 	void	*ecdsa;
+ #ifdef GSSAPI
+ 		if (options.gss_keyex) {
+ 			kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
+diff -pur old/myproposal.h new/myproposal.h
+--- old/myproposal.h	2015-03-16 22:49:20.000000000 -0700
++++ new/myproposal.h	2015-06-05 02:29:36.569958448 -0700
[email protected]@ -59,6 +59,20 @@
+ # define HOSTKEY_ECDSA_METHODS
  #endif
- 	struct KeyCert *cert;
-+#ifndef WITHOUT_ED25519
- 	u_char	*ed25519_sk;
- 	u_char	*ed25519_pk;
-+#endif /* WITHOUT_ED25519 */
- };
  
 +#ifndef WITHOUT_ED25519
- #define	ED25519_SK_SZ	crypto_sign_ed25519_SECRETKEYBYTES
- #define	ED25519_PK_SZ	crypto_sign_ed25519_PUBLICKEYBYTES
-+#endif /* WITHOUT_ED25519 */
- 
- Key		*key_new(int);
- void		 key_add_private(Key *);
[email protected]@ -153,8 +161,10 @@ int	 ssh_ecdsa_sign(const Key *, u_char
- int	 ssh_ecdsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
- int	 ssh_rsa_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
- int	 ssh_rsa_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
-+#ifndef WITHOUT_ED25519
- int	 ssh_ed25519_sign(const Key *, u_char **, u_int *, const u_char *, u_int);
- int	 ssh_ed25519_verify(const Key *, const u_char *, u_int, const u_char *, u_int);
++# if defined(WITH_OPENSSL) && defined(HAVE_EVP_SHA256)
++#  define KEX_CURVE25519_METHODS "[email protected],"
++# else
++#  define KEX_CURVE25519_METHODS
++# endif
++# define HOSTKEY_CURVE25519_CERT_METHODS "[email protected],"
++# define HOSTKEY_CURVE25519_METHODS "ssh-ed25519,"
++#else
++# define KEX_CURVE25519_METHODS
++# define HOSTKEY_CURVE25519_CERT_METHODS
++# define HOSTKEY_CURVE25519_METHODS
 +#endif /* WITHOUT_ED25519 */
- 
- #if defined(OPENSSL_HAS_ECC) && (defined(DEBUG_KEXECDH) || defined(DEBUG_PK))
- void	key_dump_ec_point(const EC_GROUP *, const EC_POINT *);
-diff -pur old/monitor.c new/monitor.c
---- old/monitor.c	2015-03-31 21:14:02.433735148 -0700
-+++ new/monitor.c	2015-04-01 04:54:56.314967559 -0700
[email protected]@ -1902,7 +1902,9 @@ mm_get_kex(Buffer *m)
- 	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
- 	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
- 	kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
-+#ifndef WITHOUT_ED25519
- 	kex->kex[KEX_C25519_SHA256] = kexc25519_server;
-+#endif /* WITHOUT_ED25519 */
- #ifdef GSSAPI
- 	if (options.gss_keyex) {
- 		kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
-diff -pur old/myproposal.h new/myproposal.h
---- old/myproposal.h	2013-12-06 16:24:02.000000000 -0800
-+++ new/myproposal.h	2015-04-01 02:12:36.430101847 -0700
[email protected]@ -80,6 +80,24 @@
- # define SHA2_HMAC_MODES
++
+ #ifdef OPENSSL_HAVE_EVPGCM
+ # define AESGCM_CIPHER_MODES \
+ 	"[email protected],[email protected],"
[email protected]@ -78,11 +92,6 @@
  #endif
  
-+#ifdef WITHOUT_ED25519
-+# define KEX_DEFAULT_KEX \
-+	KEX_ECDH_METHODS \
-+	KEX_SHA256_METHODS \
-+	"diffie-hellman-group-exchange-sha1," \
-+	"diffie-hellman-group14-sha1," \
-+	"diffie-hellman-group1-sha1"
-+
-+#define	KEX_DEFAULT_PK_ALG	\
-+	HOSTKEY_ECDSA_CERT_METHODS \
-+	"[email protected]," \
-+	"[email protected]," \
-+	"[email protected]," \
-+	"[email protected]," \
-+	HOSTKEY_ECDSA_METHODS \
-+	"ssh-rsa," \
-+	"ssh-dss"
-+#else /* WITHOUT_ED25519 */
- # define KEX_DEFAULT_KEX \
+ #ifdef WITH_OPENSSL
+-# ifdef HAVE_EVP_SHA256
+-#  define KEX_CURVE25519_METHODS "[email protected],"
+-# else
+-#  define KEX_CURVE25519_METHODS ""
+-# endif
+ #define KEX_SERVER_KEX \
  	KEX_CURVE25519_METHODS \
  	KEX_ECDH_METHODS \
[email protected]@ -99,6 +117,7 @@
- 	"ssh-ed25519," \
[email protected]@ -95,13 +104,13 @@
+ 
+ #define	KEX_DEFAULT_PK_ALG	\
+ 	HOSTKEY_ECDSA_CERT_METHODS \
+-	"[email protected]," \
++	HOSTKEY_CURVE25519_CERT_METHODS \
+ 	"[email protected]," \
+ 	"[email protected]," \
+ 	"[email protected]," \
+ 	"[email protected]," \
+ 	HOSTKEY_ECDSA_METHODS \
+-	"ssh-ed25519," \
++	HOSTKEY_CURVE25519_METHODS \
  	"ssh-rsa," \
  	"ssh-dss"
-+#endif /* WITHOUT_ED25519 */
+ 
[email protected]@ -143,10 +152,10 @@
+ #else
  
- /* the actual algorithms */
- 
+ #define KEX_SERVER_KEX		\
+-	"[email protected]"
++	KEX_CURVE25519_METHODS
+ #define	KEX_DEFAULT_PK_ALG	\
+-	"[email protected]," \
+-	"ssh-ed25519"
++	HOSTKEY_CURVE25519_CERT_METHODS \
++	HOSTKEY_CURVE25519_METHODS
+ #define	KEX_SERVER_ENCRYPT \
+ 	"aes128-ctr,aes192-ctr,aes256-ctr," \
+ 	"[email protected]"
 diff -pur old/openbsd-compat/Makefile.in new/openbsd-compat/Makefile.in
---- old/openbsd-compat/Makefile.in	2013-12-06 17:37:54.000000000 -0800
-+++ new/openbsd-compat/Makefile.in	2015-04-02 02:29:35.165103300 -0700
[email protected]@ -18,7 +18,7 @@ LDFLAGS=-L. @[email protected]
- 
- OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sha2.o sigact.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o
- 
--COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
-+COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-setres_id.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o 
- 
- PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o
- 
+--- old/openbsd-compat/Makefile.in	2015-03-16 22:49:20.000000000 -0700
++++ new/openbsd-compat/Makefile.in	2015-05-12 06:57:55.869383953 -0700
 @@ -32,7 +32,7 @@ $(OPENBSD): ../config.h
  $(PORTS): ../config.h
  
@@ -773,8 +383,8 @@
  
  clean:
 diff -pur old/pathnames.h new/pathnames.h
---- old/pathnames.h	2013-12-06 16:24:02.000000000 -0800
-+++ new/pathnames.h	2015-04-01 02:13:45.651827507 -0700
+--- old/pathnames.h	2015-03-16 22:49:20.000000000 -0700
++++ new/pathnames.h	2015-05-12 06:57:55.869773325 -0700
 @@ -39,7 +39,9 @@
  #define _PATH_HOST_KEY_FILE		SSHDIR "/ssh_host_key"
  #define _PATH_HOST_DSA_KEY_FILE		SSHDIR "/ssh_host_dsa_key"
@@ -796,9 +406,9 @@
  /*
   * Configuration file in user's home directory.  This file need not be
 diff -pur old/readconf.c new/readconf.c
---- old/readconf.c	2015-03-31 21:14:02.435957183 -0700
-+++ new/readconf.c	2015-04-01 02:14:22.222135058 -0700
[email protected]@ -1715,8 +1715,10 @@ fill_default_options(Options * options)
+--- old/readconf.c	2015-05-12 06:57:55.746561528 -0700
++++ new/readconf.c	2015-05-12 06:57:55.870873194 -0700
[email protected]@ -1848,8 +1848,10 @@ fill_default_options(Options * options)
  			add_identity_file(options, "~/",
  			    _PATH_SSH_CLIENT_ID_ECDSA, 0);
  #endif
@@ -809,45 +419,10 @@
  		}
  	}
  	if (options->escape_char == -1)
-diff -pur old/sc25519.c new/sc25519.c
---- old/sc25519.c	2014-01-16 17:43:44.000000000 -0800
-+++ new/sc25519.c	2015-04-01 03:46:19.162528358 -0700
[email protected]@ -6,6 +6,8 @@
-  * Copied from supercop-20130419/crypto_sign/ed25519/ref/sc25519.c
-  */
- 
-+#ifndef WITHOUT_ED25519
-+
- #include "includes.h"
- 
- #include "sc25519.h"
[email protected]@ -306,3 +308,5 @@ void sc25519_2interleave2(unsigned char
-   r[125] = ((s1->v[31] >> 2) & 3) ^ (((s2->v[31] >> 2) & 3) << 2);
-   r[126] = ((s1->v[31] >> 4) & 3) ^ (((s2->v[31] >> 4) & 3) << 2);
- }
-+
-+#endif /* WITHOUT_ED25519 */
-diff -pur old/sc25519.h new/sc25519.h
---- old/sc25519.h	2013-12-17 22:48:11.000000000 -0800
-+++ new/sc25519.h	2015-04-01 03:45:37.633735864 -0700
[email protected]@ -8,6 +8,7 @@
- 
- #ifndef SC25519_H
- #define SC25519_H
-+#ifndef WITHOUT_ED25519
- 
- #include "crypto_api.h"
- 
[email protected]@ -77,4 +78,5 @@ void sc25519_window5(signed char r[51],
- 
- void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2);
- 
-+#endif /* WITHOUT_ED25519 */
- #endif
 diff -pur old/servconf.c new/servconf.c
---- old/servconf.c	2015-03-31 21:14:02.437668507 -0700
-+++ new/servconf.c	2015-04-01 02:15:09.724697791 -0700
[email protected]@ -190,8 +190,10 @@ fill_default_server_options(ServerOption
+--- old/servconf.c	2015-05-12 06:57:55.748493685 -0700
++++ new/servconf.c	2015-05-12 06:57:55.872093181 -0700
[email protected]@ -216,8 +216,10 @@ fill_default_server_options(ServerOption
  			options->host_key_files[options->num_host_key_files++] =
  			    _PATH_HOST_ECDSA_KEY_FILE;
  #endif
@@ -859,8 +434,8 @@
  	}
  	/* No certificates by default */
 diff -pur old/smult_curve25519_ref.c new/smult_curve25519_ref.c
---- old/smult_curve25519_ref.c	2013-11-03 13:26:53.000000000 -0800
-+++ new/smult_curve25519_ref.c	2015-04-01 04:55:30.360761627 -0700
+--- old/smult_curve25519_ref.c	2015-03-16 22:49:20.000000000 -0700
++++ new/smult_curve25519_ref.c	2015-05-12 06:57:55.872682983 -0700
 @@ -6,6 +6,8 @@ Public domain.
  Derived from public domain code by D. J. Bernstein.
  */
@@ -870,25 +445,24 @@
  int crypto_scalarmult_curve25519(unsigned char *, const unsigned char *, const unsigned char *);
  
  static void add(unsigned int out[32],const unsigned int a[32],const unsigned int b[32])
[email protected]@ -263,3 +265,5 @@ int crypto_scalarmult_curve25519(unsigne
[email protected]@ -263,3 +265,4 @@ int crypto_scalarmult_curve25519(unsigne
    for (i = 0;i < 32;++i) q[i] = work[64 + i];
    return 0;
  }
-+
 +#endif /* WITHOUT_ED25519 */
 diff -pur old/ssh-add.0 new/ssh-add.0
---- old/ssh-add.0	2014-01-29 17:52:47.000000000 -0800
-+++ new/ssh-add.0	2015-04-02 08:18:24.840811117 -0700
+--- old/ssh-add.0	2015-03-17 21:26:35.000000000 -0700
++++ new/ssh-add.0	2015-05-12 07:37:37.356166396 -0700
 @@ -11,7 +11,7 @@ SYNOPSIS
  DESCRIPTION
       ssh-add adds private key identities to the authentication agent,
       ssh-agent(1).  When run without arguments, it adds the files
 -     ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and
-+     ~/.ssh/id_rsa, ~/.ssh/id_dsa and
++     ~/.ssh/id_rsa, ~/.ssh/id_dsa, and
       ~/.ssh/identity.  After loading a private key, ssh-add will try to load
       corresponding certificate information from the filename obtained by
       appending -cert.pub to the name of the private key file.  Alternative
[email protected]@ -91,14 +91,6 @@ FILES
[email protected]@ -96,14 +96,6 @@ FILES
               Contains the protocol version 2 DSA authentication identity of
               the user.
  
@@ -897,16 +471,16 @@
 -             the user.
 -
 -     ~/.ssh/id_ed25519
--             Contains the protocol version 2 ED25519 authentication identity
+-             Contains the protocol version 2 Ed25519 authentication identity
 -             of the user.
 -
       ~/.ssh/id_rsa
               Contains the protocol version 2 RSA authentication identity of
               the user.
 diff -pur old/ssh-add.1 new/ssh-add.1
---- old/ssh-add.1	2013-12-17 22:46:28.000000000 -0800
-+++ new/ssh-add.1	2015-04-02 08:11:00.150982710 -0700
[email protected]@ -57,8 +57,6 @@ adds private key identities to the authe
+--- old/ssh-add.1	2015-03-16 22:49:20.000000000 -0700
++++ new/ssh-add.1	2015-05-12 07:47:42.099918141 -0700
[email protected]@ -58,8 +58,6 @@ adds private key identities to the authe
  When run without arguments, it adds the files
  .Pa ~/.ssh/id_rsa ,
  .Pa ~/.ssh/id_dsa ,
@@ -915,24 +489,24 @@
  and
  .Pa ~/.ssh/identity .
  After loading a private key,
[email protected]@ -168,10 +166,6 @@ socket used to communicate with the agen
[email protected]@ -177,10 +175,6 @@ socket used to communicate with the agen
  Contains the protocol version 1 RSA authentication identity of the user.
  .It Pa ~/.ssh/id_dsa
  Contains the protocol version 2 DSA authentication identity of the user.
 -.It Pa ~/.ssh/id_ecdsa
 -Contains the protocol version 2 ECDSA authentication identity of the user.
 -.It Pa ~/.ssh/id_ed25519
--Contains the protocol version 2 ED25519 authentication identity of the user.
+-Contains the protocol version 2 Ed25519 authentication identity of the user.
  .It Pa ~/.ssh/id_rsa
  Contains the protocol version 2 RSA authentication identity of the user.
  .El
 diff -pur old/ssh-add.c new/ssh-add.c
---- old/ssh-add.c	2013-12-28 22:44:07.000000000 -0800
-+++ new/ssh-add.c	2015-04-01 04:55:52.619415360 -0700
[email protected]@ -73,7 +73,9 @@ static char *default_files[] = {
- #ifdef OPENSSL_HAS_ECC
+--- old/ssh-add.c	2015-03-16 22:49:20.000000000 -0700
++++ new/ssh-add.c	2015-05-12 06:57:55.873128238 -0700
[email protected]@ -78,7 +78,9 @@ static char *default_files[] = {
  	_PATH_SSH_CLIENT_ID_ECDSA,
  #endif
+ #endif /* WITH_OPENSSL */
 +#ifndef WITHOUT_ED25519
  	_PATH_SSH_CLIENT_ID_ED25519,
 +#endif /* WITHOUT_ED25519 */
@@ -940,103 +514,63 @@
  	NULL
  };
 diff -pur old/ssh-agent.0 new/ssh-agent.0
---- old/ssh-agent.0	2014-01-29 17:52:47.000000000 -0800
-+++ new/ssh-agent.0	2015-04-02 08:18:54.504859476 -0700
[email protected]@ -9,7 +9,7 @@ SYNOPSIS
+--- old/ssh-agent.0	2015-03-17 21:26:35.000000000 -0700
++++ new/ssh-agent.0	2015-05-12 07:37:55.617194120 -0700
[email protected]@ -10,7 +10,7 @@ SYNOPSIS
  
  DESCRIPTION
       ssh-agent is a program to hold private keys used for public key
--     authentication (RSA, DSA, ECDSA, ED25519).  The idea is that ssh-agent is
-+     authentication (RSA, DSA).  The idea is that ssh-agent is
-      started in the beginning of an X-session or a login session, and all
-      other windows or programs are started as clients to the ssh-agent
-      program.  Through use of environment variables the agent can be located
[email protected]@ -46,8 +46,8 @@ DESCRIPTION
- 
-      The agent initially does not have any private keys.  Keys are added using
-      ssh-add(1).  When executed without arguments, ssh-add(1) adds the files
--     ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 and
--     ~/.ssh/identity.  If the identity has a passphrase, ssh-add(1) asks for
-+     ~/.ssh/id_rsa, ~/.ssh/id_dsa ~/.ssh/identity.  
-+     If the identity has a passphrase, ssh-add(1) asks for
-      the passphrase on the terminal if it has one or from a small X11 program
-      if running under X11.  If neither of these is the case then the
-      authentication will fail.  It then sends the identity to the agent.
[email protected]@ -97,14 +97,6 @@ FILES
-              Contains the protocol version 2 DSA authentication identity of
-              the user.
- 
--     ~/.ssh/id_ecdsa
--             Contains the protocol version 2 ECDSA authentication identity of
--             the user.
--
--     ~/.ssh/id_ed25519
--             Contains the protocol version 2 ED25519 authentication identity
--             of the user.
--
-      ~/.ssh/id_rsa
-              Contains the protocol version 2 RSA authentication identity of
-              the user.
+-     authentication (RSA, DSA, ECDSA, Ed25519).  ssh-agent is usually started
++     authentication (RSA, DSA).  ssh-agent is usually started
+      in the beginning of an X-session or a login session, and all other
+      windows or programs are started as clients to the ssh-agent program.
+      Through use of environment variables the agent can be located and
 diff -pur old/ssh-agent.1 new/ssh-agent.1
---- old/ssh-agent.1	2013-12-17 22:46:28.000000000 -0800
-+++ new/ssh-agent.1	2015-04-02 08:11:35.139725778 -0700
[email protected]@ -53,7 +53,7 @@
+--- old/ssh-agent.1	2015-03-16 22:49:20.000000000 -0700
++++ new/ssh-agent.1	2015-05-12 07:47:53.707510271 -0700
[email protected]@ -54,7 +54,7 @@
  .Sh DESCRIPTION
  .Nm
  is a program to hold private keys used for public key authentication
--(RSA, DSA, ECDSA, ED25519).
+-(RSA, DSA, ECDSA, Ed25519).
 +(RSA, DSA).
- The idea is that
  .Nm
- is started in the beginning of an X-session or a login session, and
[email protected]@ -114,9 +114,7 @@ When executed without arguments,
- .Xr ssh-add 1
- adds the files
- .Pa ~/.ssh/id_rsa ,
--.Pa ~/.ssh/id_dsa ,
--.Pa ~/.ssh/id_ecdsa ,
--.Pa ~/.ssh/id_ed25519
-+.Pa ~/.ssh/id_dsa 
- and
- .Pa ~/.ssh/identity .
- If the identity has a passphrase,
[email protected]@ -189,10 +187,6 @@ line terminates.
- Contains the protocol version 1 RSA authentication identity of the user.
- .It Pa ~/.ssh/id_dsa
- Contains the protocol version 2 DSA authentication identity of the user.
--.It Pa ~/.ssh/id_ecdsa
--Contains the protocol version 2 ECDSA authentication identity of the user.
--.It Pa ~/.ssh/id_ed25519
--Contains the protocol version 2 ED25519 authentication identity of the user.
- .It Pa ~/.ssh/id_rsa
- Contains the protocol version 2 RSA authentication identity of the user.
- .It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt
+ is usually started in the beginning of an X-session or a login session, and
+ all other windows or programs are started as clients to the ssh-agent
 diff -pur old/ssh-ed25519.c new/ssh-ed25519.c
---- old/ssh-ed25519.c	2013-12-06 17:37:54.000000000 -0800
-+++ new/ssh-ed25519.c	2015-04-01 03:45:52.747724716 -0700
[email protected]@ -15,6 +15,8 @@
-  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-  */
+--- old/ssh-ed25519.c	2015-03-16 22:49:20.000000000 -0700
++++ new/ssh-ed25519.c	2015-05-12 06:57:55.873512963 -0700
[email protected]@ -17,6 +17,8 @@
+ 
+ #include "includes.h"
  
 +#ifndef WITHOUT_ED25519
 +
- #include "includes.h"
+ #include <sys/types.h>
+ #include <limits.h>
  
- #include <sys/types.h>
[email protected]@ -141,3 +143,5 @@ ssh_ed25519_verify(const Key *key, const
- 	/* translate return code carefully */
- 	return (ret == 0) ? 1 : -1;
[email protected]@ -164,3 +166,4 @@ ssh_ed25519_verify(const struct sshkey *
+ 	free(ktype);
+ 	return r;
  }
-+
 +#endif /* WITHOUT_ED25519 */
 diff -pur old/ssh-keygen.0 new/ssh-keygen.0
---- old/ssh-keygen.0	2014-01-29 17:52:47.000000000 -0800
-+++ new/ssh-keygen.0	2015-04-02 08:01:54.866988427 -0700
+--- old/ssh-keygen.0	2015-03-17 21:26:35.000000000 -0700
++++ new/ssh-keygen.0	2015-05-12 07:40:51.445122062 -0700
[email protected]@ -4,7 +4,7 @@ NAME
+      ssh-keygen M-bM-^@M-^S authentication key generation, management and conversion
+ 
+ SYNOPSIS
+-     ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
++     ssh-keygen [-q] [-b bits] [-t dsa | rsa | rsa1]
+                 [-N new_passphrase] [-C comment] [-f output_keyfile]
+      ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
+      ssh-keygen -i [-m key_format] [-f input_keyfile]
 @@ -32,7 +32,7 @@ SYNOPSIS
  DESCRIPTION
       ssh-keygen generates, manages and converts authentication keys for
       ssh(1).  ssh-keygen can create RSA keys for use by SSH protocol version 1
--     and DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2.
+-     and DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.
 +     and DSA or RSA keys for use by SSH protocol version 2.
       The type of key to be generated is specified with the -t option.  If
       invoked without any arguments, ssh-keygen will generate an RSA key for
@@ -1055,7 +589,7 @@
       The options are as follows:
  
 -     -A      For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for
-+     -A      For each of the key types (rsa1, rsa, and dsa) for
++     -A      For each of the key types (rsa1, rsa and dsa) for
               which host keys do not exist, generate the host keys with the
               default key file path, an empty passphrase, default bits for the
               key type, and default comment.  This is used by /etc/rc to
@@ -1063,7 +597,7 @@
  
       -a rounds
 -             When saving a new-format private key (i.e. an ed25519 key or any
-+             When saving a new-format private key (i.e. any
++             When saving a new-format private key (i.e. 
               SSH protocol 2 key when the -o flag is set), this option
               specifies the number of KDF (key derivation function) rounds
               used.  Higher numbers result in slower passphrase verification
@@ -1075,13 +609,13 @@
 -             the -b flag determines the key length by selecting from one of
 -             three elliptic curve sizes: 256, 384 or 521 bits.  Attempting to
 -             use bit lengths other than these three values for ECDSA keys will
--             fail.  ED25519 keys have a fixed length and the -b flag will be
+-             fail.  Ed25519 keys have a fixed length and the -b flag will be
 -             ignored.
 +             exactly 1024 bits as specified by FIPS 186-2.
  
       -C comment
               Provides a new comment.
[email protected]@ -274,7 +269,7 @@ DESCRIPTION
[email protected]@ -279,7 +274,7 @@ DESCRIPTION
               new OpenSSH format rather than the more compatible PEM format.
               The new format has increased resistance to brute-force password
               cracking but is not supported by versions of OpenSSH prior to
@@ -1090,54 +624,64 @@
  
       -P passphrase
               Provides the (old) passphrase.
[email protected]@ -315,8 +310,8 @@ DESCRIPTION
[email protected]@ -318,9 +313,9 @@ DESCRIPTION
+              Test DH group exchange candidate primes (generated using the -G
+              option) for safety.
  
-      -t type
+-     -t dsa | ecdsa | ed25519 | rsa | rsa1
++     -t dsa |  rsa | rsa1
               Specifies the type of key to create.  The possible values are
--             ``rsa1'' for protocol version 1 and ``dsa'', ``ecdsa'',
--             ``ed25519'', or ``rsa'' for protocol version 2.
-+             ``rsa1'' for protocol version 1 and ``dsa'' or ``rsa'' for 
-+             protocol version 2.
+-             M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or
++             M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], or
+              M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2.
  
       -u      Update a KRL.  When specified with -k, keys listed via the
-              command line are added to the existing KRL rather than a new KRL
[email protected]@ -521,10 +516,8 @@ FILES
[email protected]@ -525,10 +520,8 @@ FILES
               contents of this file secret.
  
       ~/.ssh/id_dsa
 -     ~/.ssh/id_ecdsa
 -     ~/.ssh/id_ed25519
       ~/.ssh/id_rsa
--             Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
+-             Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
 +             Contains the protocol version 2 DSA or RSA
               authentication identity of the user.  This file should not be
               readable by anyone but the user.  It is possible to specify a
               passphrase when generating the key; that passphrase will be used
[email protected]@ -534,10 +527,8 @@ FILES
[email protected]@ -538,10 +531,8 @@ FILES
               read this file when a login attempt is made.
  
       ~/.ssh/id_dsa.pub
 -     ~/.ssh/id_ecdsa.pub
 -     ~/.ssh/id_ed25519.pub
       ~/.ssh/id_rsa.pub
--             Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA public
+-             Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA public
 +             Contains the protocol version 2 DSA or RSA public
               key for authentication.  The contents of this file should be
               added to ~/.ssh/authorized_keys on all machines where the user
               wishes to log in using public key authentication.  There is no
 diff -pur old/ssh-keygen.1 new/ssh-keygen.1
---- old/ssh-keygen.1	2013-12-28 22:47:14.000000000 -0800
-+++ new/ssh-keygen.1	2015-04-02 08:13:41.714356008 -0700
[email protected]@ -140,7 +140,7 @@ generates, manages and converts authenti
+--- old/ssh-keygen.1	2015-03-16 22:49:20.000000000 -0700
++++ new/ssh-keygen.1	2015-05-12 07:49:52.125219558 -0700
[email protected]@ -46,7 +46,7 @@
+ .Nm ssh-keygen
+ .Op Fl q
+ .Op Fl b Ar bits
+-.Op Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
++.Op Fl t Cm dsa | rsa | rsa1
+ .Op Fl N Ar new_passphrase
+ .Op Fl C Ar comment
+ .Op Fl f Ar output_keyfile
[email protected]@ -142,7 +142,7 @@ generates, manages and converts authenti
  .Xr ssh 1 .
  .Nm
  can create RSA keys for use by SSH protocol version 1 and
--DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2.
+-DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.
 +DSA or RSA keys for use by SSH protocol version 2.
  The type of key to be generated is specified with the
  .Fl t
  option.
[email protected]@ -168,8 +168,6 @@ with public key authentication runs this
[email protected]@ -170,8 +170,6 @@ with public key authentication runs this
  key in
  .Pa ~/.ssh/identity ,
  .Pa ~/.ssh/id_dsa ,
@@ -1146,26 +690,25 @@
  or
  .Pa ~/.ssh/id_rsa .
  Additionally, the system administrator may use this to generate host keys,
[email protected]@ -217,7 +215,7 @@ should be placed to be activated.
[email protected]@ -219,7 +217,7 @@ should be placed to be activated.
  The options are as follows:
  .Bl -tag -width Ds
  .It Fl A
 -For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
-+For each of the key types (rsa1, rsa, dsa)
++For each of the key types (rsa1, rsa and dsa)
  for which host keys
  do not exist, generate the host keys with the default key file path,
  an empty passphrase, default bits for the key type, and default comment.
[email protected]@ -225,8 +223,7 @@ This is used by
[email protected]@ -227,7 +225,7 @@ This is used by
  .Pa /etc/rc
  to generate new host keys.
  .It Fl a Ar rounds
 -When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
--2 key when the
-+When saving a new-format private key (i.e. any SSH protocol 2 key when the
++When saving a new-format private key (i.e. SSH protocol
+ 2 key when the
  .Fl o
  flag is set), this option specifies the number of KDF (key derivation function)
- rounds used.
[email protected]@ -245,15 +242,6 @@ Specifies the number of bits in the key
[email protected]@ -247,15 +245,6 @@ Specifies the number of bits in the key
  For RSA keys, the minimum size is 768 bits and the default is 2048 bits.
  Generally, 2048 bits is considered sufficient.
  DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
@@ -1175,13 +718,13 @@
 -curve sizes: 256, 384 or 521 bits.
 -Attempting to use bit lengths other than these three values for ECDSA keys
 -will fail.
--ED25519 keys have a fixed length and the
+-Ed25519 keys have a fixed length and the
 -.Fl b
 -flag will be ignored.
  .It Fl C Ar comment
  Provides a new comment.
  .It Fl c
[email protected]@ -468,7 +456,6 @@ to save SSH protocol 2 private keys usin
[email protected]@ -478,7 +467,6 @@ to save SSH protocol 2 private keys usin
  the more compatible PEM format.
  The new format has increased resistance to brute-force password cracking
  but is not supported by versions of OpenSSH prior to 6.5.
@@ -1189,7 +732,14 @@
  .It Fl P Ar passphrase
  Provides the (old) passphrase.
  .It Fl p
[email protected]@ -520,8 +507,6 @@ The possible values are
[email protected]@ -524,14 +512,12 @@ section for details.
+ Test DH group exchange candidate primes (generated using the
+ .Fl G
+ option) for safety.
+-.It Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
++.It Fl t Cm dsa | rsa | rsa1
+ Specifies the type of key to create.
+ The possible values are
  .Dq rsa1
  for protocol version 1 and
  .Dq dsa ,
@@ -1198,46 +748,47 @@
  or
  .Dq rsa
  for protocol version 2.
[email protected]@ -800,10 +785,8 @@ where the user wishes to log in using RS
[email protected]@ -810,10 +796,8 @@ where the user wishes to log in using RS
  There is no need to keep the contents of this file secret.
  .Pp
  .It Pa ~/.ssh/id_dsa
 -.It Pa ~/.ssh/id_ecdsa
 -.It Pa ~/.ssh/id_ed25519
  .It Pa ~/.ssh/id_rsa
--Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
+-Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
 +Contains the protocol version 2 DSA or RSA
  authentication identity of the user.
  This file should not be readable by anyone but the user.
  It is possible to
[email protected]@ -816,10 +799,8 @@ but it is offered as the default file fo
[email protected]@ -826,10 +810,8 @@ but it is offered as the default file fo
  will read this file when a login attempt is made.
  .Pp
  .It Pa ~/.ssh/id_dsa.pub
 -.It Pa ~/.ssh/id_ecdsa.pub
 -.It Pa ~/.ssh/id_ed25519.pub
  .It Pa ~/.ssh/id_rsa.pub
--Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
+-Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
 +Contains the protocol version 2 DSA or RSA
  public key for authentication.
  The contents of this file should be added to
  .Pa ~/.ssh/authorized_keys
 diff -pur old/ssh-keygen.c new/ssh-keygen.c
---- old/ssh-keygen.c	2013-12-06 16:24:02.000000000 -0800
-+++ new/ssh-keygen.c	2015-04-01 02:26:11.265143754 -0700
[email protected]@ -197,7 +197,11 @@ type_bits_valid(int type, u_int32_t *bit
+--- old/ssh-keygen.c	2015-03-16 22:49:20.000000000 -0700
++++ new/ssh-keygen.c	2015-05-12 06:57:55.874834232 -0700
[email protected]@ -214,7 +214,11 @@ type_bits_valid(int type, const char *na
  	}
  	if (type == KEY_DSA && *bitsp != 1024)
  		fatal("DSA keys must be 1024 bits");
-+#ifdef WITHOUT_ED25519
-+	else if (type != KEY_ECDSA && *bitsp < 768)
-+#else /* WITHOUT_ED25519 */
- 	else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
+-	else if (type != KEY_ECDSA && type != KEY_ED25519 && *bitsp < 768)
++	else if (type != KEY_ECDSA &&
++#ifndef WITHOUT_ED25519
++		 type != KEY_ED25519 &&
 +#endif /* WITHOUT_ED25519 */
++		 *bitsp < 768)
  		fatal("Key must at least be 768 bits");
- 	else if (type == KEY_ECDSA && key_ecdsa_bits_to_nid(*bitsp) == -1)
+ 	else if (type == KEY_ECDSA && sshkey_ecdsa_bits_to_nid(*bitsp) == -1)
  		fatal("Invalid ECDSA key length - valid lengths are "
[email protected]@ -233,10 +237,12 @@ ask_filename(struct passwd *pw, const ch
[email protected]@ -251,10 +255,12 @@ ask_filename(struct passwd *pw, const ch
  		case KEY_RSA:
  			name = _PATH_SSH_CLIENT_ID_RSA;
  			break;
@@ -1250,7 +801,7 @@
  		default:
  			fprintf(stderr, "bad key type\n");
  			exit(1);
[email protected]@ -900,7 +906,9 @@ do_gen_all_hostkeys(struct passwd *pw)
[email protected]@ -954,7 +960,9 @@ do_gen_all_hostkeys(struct passwd *pw)
  #ifdef OPENSSL_HAS_ECC
  		{ "ecdsa", "ECDSA",_PATH_HOST_ECDSA_KEY_FILE },
  #endif
@@ -1260,30 +811,41 @@
  		{ NULL, NULL, NULL }
  	};
  
[email protected]@ -1616,7 +1624,10 @@ do_ca_sign(struct passwd *pw, int argc,
- 		if ((public = key_load_public(tmp, &comment)) == NULL)
- 			fatal("%s: unable to open \"%s\"", __func__, tmp);
[email protected]@ -1643,7 +1651,10 @@ do_ca_sign(struct passwd *pw, int argc,
+ 			fatal("%s: unable to open \"%s\": %s",
+ 			    __func__, tmp, ssh_err(r));
  		if (public->type != KEY_RSA && public->type != KEY_DSA &&
 -		    public->type != KEY_ECDSA && public->type != KEY_ED25519)
 +#ifndef WITHOUT_ED25519
-+		    public->type != KEY_ED25519 &&
++		    public->type != KEY_ED25519 && 
 +#endif /* WITHOUT_ED25519 */
 +		    public->type != KEY_ECDSA)
  			fatal("%s: key \"%s\" type %s cannot be certified",
- 			    __func__, tmp, key_type(public));
+ 			    __func__, tmp, sshkey_type(public));
  
[email protected]@ -2558,8 +2569,10 @@ main(int argc, char **argv)
+ 			    _PATH_HOST_DSA_KEY_FILE, rr_hostname);
+ 			n += do_print_resource_record(pw,
+ 			    _PATH_HOST_ECDSA_KEY_FILE, rr_hostname);
++#ifndef WITHOUT_ED25519
+ 			n += do_print_resource_record(pw,
+ 			    _PATH_HOST_ED25519_KEY_FILE, rr_hostname);
++#endif /* WITHOUT_ED25519 */
+ 			if (n == 0)
+ 				fatal("no keys found.");
+ 			exit(0);
 diff -pur old/ssh-keyscan.0 new/ssh-keyscan.0
---- old/ssh-keyscan.0	2014-01-29 17:52:47.000000000 -0800
-+++ new/ssh-keyscan.0	2015-04-02 08:03:08.223476077 -0700
+--- old/ssh-keyscan.0	2015-03-17 21:26:35.000000000 -0700
++++ new/ssh-keyscan.0	2015-05-12 07:42:45.592281964 -0700
 @@ -48,9 +48,9 @@ DESCRIPTION
       -t type
               Specifies the type of the key to fetch from the scanned hosts.
-              The possible values are ``rsa1'' for protocol version 1 and
--             ``dsa'', ``ecdsa'', ``ed25519'', or ``rsa'' for protocol version
-+             ``dsa'' or ``rsa'' for protocol version
-              2.  Multiple values may be specified by separating them with
--             commas.  The default is to fetch ``rsa'' and ``ecdsa'' keys.
-+             commas.  The default is to fetch ``rsa'' keys.
+              The possible values are M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^],
+-             M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2.  Multiple
++             or M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2.  Multiple
+              values may be specified by separating them with commas.  The
+-             default is to fetch M-bM-^@M-^\rsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], and M-bM-^@M-^\ed25519M-bM-^@M-^] keys.
++             default is to fetch M-bM-^@M-^\rsaM-bM-^@M-^] keys.
  
       -v      Verbose mode.  Causes ssh-keyscan to print debugging messages
               about its progress.
@@ -1291,14 +853,14 @@
  
       host-or-namelist bits exponent modulus
  
--     Output format for rsa, dsa and ecdsa keys:
-+     Output format for rsa and dsa keys:
+-     Output format for RSA, DSA, ECDSA, and Ed25519 keys:
++     Output format for RSA, and DSA keys:
  
       host-or-namelist keytype base64-encoded-key
  
--     Where keytype is either ``ecdsa-sha2-nistp256'', ``ecdsa-sha2-nistp384'',
--     ``ecdsa-sha2-nistp521'', ``ssh-ed25519'', ``ssh-dss'' or ``ssh-rsa''.
-+     Where keytype is either ``ssh-dss'' or ``ssh-rsa''.
+-     Where keytype is either M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^],
+-     M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
++     Where keytype is either M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
  
       /etc/ssh/ssh_known_hosts
  
@@ -1306,43 +868,47 @@
       Find all hosts from the file ssh_hosts which have new or different keys
       from those in the sorted file ssh_known_hosts:
  
--     $ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \
+-     $ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \
 +     $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \
               sort -u - ssh_known_hosts | diff ssh_known_hosts -
  
  SEE ALSO
 diff -pur old/ssh-keyscan.1 new/ssh-keyscan.1
---- old/ssh-keyscan.1	2013-12-17 22:46:28.000000000 -0800
-+++ new/ssh-keyscan.1	2015-04-02 08:14:50.877137257 -0700
[email protected]@ -89,16 +89,12 @@ The possible values are
+--- old/ssh-keyscan.1	2015-03-16 22:49:20.000000000 -0700
++++ new/ssh-keyscan.1	2015-05-12 07:50:53.173745820 -0700
[email protected]@ -90,18 +90,13 @@ Specifies the type of the key to fetch f
+ The possible values are
  .Dq rsa1
  for protocol version 1 and
- .Dq dsa ,
+-.Dq dsa ,
 -.Dq ecdsa ,
 -.Dq ed25519 ,
++.Dq dsa 
  or
  .Dq rsa
  for protocol version 2.
  Multiple values may be specified by separating them with commas.
  The default is to fetch
- .Dq rsa
+-.Dq rsa ,
+-.Dq ecdsa ,
 -and
--.Dq ecdsa
+-.Dq ed25519
++.Dq rsa 
  keys.
  .It Fl v
  Verbose mode.
[email protected]@ -127,7 +123,7 @@ attacks which have begun after the ssh_k
[email protected]@ -130,7 +125,7 @@ Output format for RSA1 keys:
  host-or-namelist bits exponent modulus
  .Ed
  .Pp
--.Pa Output format for rsa, dsa and ecdsa keys:
-+.Pa Output format for rsa and dsa keys:
+-Output format for RSA, DSA, ECDSA, and Ed25519 keys:
++Output format for RSA and DSA keys:
  .Bd -literal
  host-or-namelist keytype base64-encoded-key
  .Ed
[email protected]@ -135,10 +131,6 @@ host-or-namelist keytype base64-encoded-
[email protected]@ -138,10 +133,6 @@ host-or-namelist keytype base64-encoded-
  Where
- .Pa keytype
+ .Ar keytype
  is either
 -.Dq ecdsa-sha2-nistp256 ,
 -.Dq ecdsa-sha2-nistp384 ,
@@ -1351,61 +917,37 @@
  .Dq ssh-dss
  or
  .Dq ssh-rsa .
[email protected]@ -158,7 +150,7 @@ Find all hosts from the file
[email protected]@ -159,7 +150,7 @@ Find all hosts from the file
  which have new or different keys from those in the sorted file
  .Pa ssh_known_hosts :
  .Bd -literal
--$ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \e
+-$ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e
 +$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e
  	sort -u - ssh_known_hosts | diff ssh_known_hosts -
  .Ed
  .Sh SEE ALSO
 diff -pur old/ssh-keyscan.c new/ssh-keyscan.c
---- old/ssh-keyscan.c	2013-12-06 16:24:02.000000000 -0800
-+++ new/ssh-keyscan.c	2015-04-01 02:51:28.981556385 -0700
[email protected]@ -56,7 +56,9 @@ int ssh_port = SSH_DEFAULT_PORT;
- #define KT_DSA		2
- #define KT_RSA		4
- #define KT_ECDSA	8
-+#ifndef WITHOUT_ED25519
- #define KT_ED25519	16
-+#endif /* WITHOUT_ED25519 */
- 
- int get_keytypes = KT_RSA|KT_ECDSA;/* Get RSA and ECDSA keys by default */
- 
[email protected]@ -247,9 +249,11 @@ keygrab_ssh2(con *c)
- 	packet_set_connection(c->c_fd, c->c_fd);
- 	enable_compat20();
- 	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
--	    c->c_keytype == KT_DSA ?  "ssh-dss" :
+--- old/ssh-keyscan.c	2015-03-16 22:49:20.000000000 -0700
++++ new/ssh-keyscan.c	2015-05-12 06:57:55.875467494 -0700
[email protected]@ -286,7 +286,9 @@ keygrab_ssh2(con *c)
+ 	c->c_ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+ # endif
+ #endif
 +#ifndef WITHOUT_ED25519
-+	    c->c_keytype == KT_ED25519 ?  "ssh-ed25519" :
+ 	c->c_ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
 +#endif /* WITHOUT_ED25519 */
- 	    (c->c_keytype == KT_RSA ? "ssh-rsa" :
--	    (c->c_keytype == KT_ED25519 ? "ssh-ed25519" :
-+	    (c->c_keytype == KT_DSA ? "ssh-dss" :
- 	    "ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521"));
- 	c->c_kex = kex_setup(myproposal);
- 	c->c_kex->kex[KEX_DH_GRP1_SHA1] = kexdh_client;
[email protected]@ -257,7 +261,9 @@ keygrab_ssh2(con *c)
- 	c->c_kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
- 	c->c_kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
- 	c->c_kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
-+#ifndef WITHOUT_ED25519
- 	c->c_kex->kex[KEX_C25519_SHA256] = kexc25519_client;
-+#endif /* WITHOUT_ED25519 */
- 	c->c_kex->verify_host_key = hostjump;
- 
- 	if (!(j = setjmp(kexjmp))) {
[email protected]@ -575,10 +581,15 @@ do_host(char *host)
+ 	ssh_set_verify_host_key_callback(c->c_ssh, key_print_wrapper);
+ 	/*
+ 	 * do the key-exchange until an error occurs or until
[email protected]@ -609,10 +611,15 @@ do_host(char *host)
  {
  	char *name = strnnsep(&host, " \t\n");
  	int j;
-+#ifdef WITHOUT_ED25519
-+	int max_kt = KT_ECDSA;
++#ifndef WITHOUT_ED25519
++	int max_kt = KT_ED25519;
 +#else
-+	int max_kt = KT_ED25519;
-+#endif
++	int max_kt = KT_ECDSA;
++#endif /* WITHOUT_ED25519 */
  
  	if (name == NULL)
  		return;
@@ -1414,7 +956,7 @@
  		if (get_keytypes & j) {
  			while (ncon >= MAXCON)
  				conloop();
[email protected]@ -685,9 +696,11 @@ main(int argc, char **argv)
[email protected]@ -716,9 +723,11 @@ main(int argc, char **argv)
  				case KEY_RSA:
  					get_keytypes |= KT_RSA;
  					break;
@@ -1427,8 +969,8 @@
  					fatal("unknown key type %s", tname);
  				}
 diff -pur old/ssh-keysign.0 new/ssh-keysign.0
---- old/ssh-keysign.0	2014-01-29 17:52:48.000000000 -0800
-+++ new/ssh-keysign.0	2015-04-02 08:03:28.313581826 -0700
+--- old/ssh-keysign.0	2015-03-17 21:26:36.000000000 -0700
++++ new/ssh-keysign.0	2015-05-12 07:42:57.261187576 -0700
 @@ -24,8 +24,6 @@ FILES
               Controls whether ssh-keysign is enabled.
  
@@ -1448,8 +990,8 @@
               If these files exist they are assumed to contain public
               certificate information corresponding with the private keys
 diff -pur old/ssh-keysign.8 new/ssh-keysign.8
---- old/ssh-keysign.8	2015-03-31 21:14:02.337922491 -0700
-+++ new/ssh-keysign.8	2015-04-02 08:16:42.230595366 -0700
+--- old/ssh-keysign.8	2015-05-12 06:57:55.609219058 -0700
++++ new/ssh-keysign.8	2015-05-12 07:52:35.880504667 -0700
 @@ -62,8 +62,6 @@ Controls whether
  is enabled.
  .Pp
@@ -1469,21 +1011,18 @@
  If these files exist they are assumed to contain public certificate
  information corresponding with the private keys above.
 diff -pur old/ssh-keysign.c new/ssh-keysign.c
---- old/ssh-keysign.c	2013-12-06 16:24:02.000000000 -0800
-+++ new/ssh-keysign.c	2015-04-01 02:53:53.600004403 -0700
[email protected]@ -150,7 +150,11 @@ main(int argc, char **argv)
+--- old/ssh-keysign.c	2015-03-16 22:49:20.000000000 -0700
++++ new/ssh-keysign.c	2015-05-25 04:37:07.788045828 -0700
[email protected]@ -168,7 +168,7 @@ main(int argc, char **argv)
  {
- 	Buffer b;
+ 	struct sshbuf *b;
  	Options options;
-+#ifdef WITHOUT_ED25519
+-#define NUM_KEYTYPES 4
 +#define NUM_KEYTYPES 3
-+#else
- #define NUM_KEYTYPES 4
-+#endif
- 	Key *keys[NUM_KEYTYPES], *key = NULL;
+ 	struct sshkey *keys[NUM_KEYTYPES], *key = NULL;
  	struct passwd *pw;
- 	int key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
[email protected]@ -169,7 +173,9 @@ main(int argc, char **argv)
+ 	int r, key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
[email protected]@ -189,7 +189,9 @@ main(int argc, char **argv)
  	i = 0;
  	key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
  	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
@@ -1494,53 +1033,53 @@
  
  	original_real_uid = getuid();	/* XXX readconf.c needs this */
 diff -pur old/ssh.0 new/ssh.0
---- old/ssh.0	2014-01-29 17:52:47.000000000 -0800
-+++ new/ssh.0	2015-04-02 08:05:51.667197938 -0700
[email protected]@ -142,8 +142,8 @@ DESCRIPTION
+--- old/ssh.0	2015-03-17 21:26:35.000000000 -0700
++++ new/ssh.0	2015-05-12 07:44:32.393217723 -0700
[email protected]@ -141,8 +141,8 @@ DESCRIPTION
       -i identity_file
               Selects a file from which the identity (private key) for public
               key authentication is read.  The default is ~/.ssh/identity for
 -             protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
 -             ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
-+             protocol version 1, and ~/.ssh/id_dsa, and ~/.ssh/id_rsa for
-+             protocol version 2.
++             protocol version 1, and ~/.ssh/id_dsa
++             and ~/.ssh/id_rsa for protocol version 2.
               Identity files may also be specified on a per-host basis in the
               configuration file.  It is possible to have multiple -i options
               (and multiple identities specified in configuration files).  ssh
[email protected]@ -446,7 +446,7 @@ AUTHENTICATION
[email protected]@ -451,7 +451,7 @@ AUTHENTICATION
       creates a public/private key pair for authentication purposes.  The
       server knows the public key, and only the user knows the private key.
       ssh implements public key authentication protocol automatically, using
--     one of the DSA, ECDSA, ED25519 or RSA algorithms.  Protocol 1 is
+-     one of the DSA, ECDSA, Ed25519 or RSA algorithms.  Protocol 1 is
 +     one of the DSA or RSA algorithms.  Protocol 1 is
       restricted to using only RSA keys, but protocol 2 may use any.  The
       HISTORY section of ssl(8) contains a brief discussion of the DSA and RSA
       algorithms.
[email protected]@ -459,11 +459,9 @@ AUTHENTICATION
[email protected]@ -464,11 +464,9 @@ AUTHENTICATION
  
       The user creates his/her key pair by running ssh-keygen(1).  This stores
       the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol
 -     2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), ~/.ssh/id_ed25519 (protocol 2
--     ED25519), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in
+-     Ed25519), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in
 -     ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA),
 -     ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), ~/.ssh/id_ed25519.pub (protocol 2
--     ED25519), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home
+-     Ed25519), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home
 +     2 DSA) or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in
 +     ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA)
 +     or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home
       directory.  The user should then copy the public key to
       ~/.ssh/authorized_keys in his/her home directory on the remote machine.
       The authorized_keys file corresponds to the conventional ~/.rhosts file,
[email protected]@ -799,7 +797,7 @@ FILES
[email protected]@ -804,7 +802,7 @@ FILES
               for the user, and not accessible by others.
  
       ~/.ssh/authorized_keys
--             Lists the public keys (DSA, ECDSA, ED25519, RSA) that can be used
+-             Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
 +             Lists the public keys (DSA, RSA) that can be used
               for logging in as this user.  The format of this file is
               described in the sshd(8) manual page.  This file is not highly
               sensitive, but the recommended permissions are read/write for the
[email protected]@ -817,8 +815,6 @@ FILES
[email protected]@ -822,8 +820,6 @@ FILES
  
       ~/.ssh/identity
       ~/.ssh/id_dsa
@@ -1549,7 +1088,7 @@
       ~/.ssh/id_rsa
               Contains the private key for authentication.  These files contain
               sensitive data and should be readable by the user but not
[email protected]@ -830,8 +826,6 @@ FILES
[email protected]@ -835,8 +831,6 @@ FILES
  
       ~/.ssh/identity.pub
       ~/.ssh/id_dsa.pub
@@ -1558,7 +1097,7 @@
       ~/.ssh/id_rsa.pub
               Contains the public key for authentication.  These files are not
               sensitive and can (but need not) be readable by anyone.
[email protected]@ -862,8 +856,6 @@ FILES
[email protected]@ -867,8 +861,6 @@ FILES
  
       /etc/ssh/ssh_host_key
       /etc/ssh/ssh_host_dsa_key
@@ -1568,58 +1107,60 @@
               These files contain the private parts of the host keys and are
               used for host-based authentication.  If protocol version 1 is
 diff -pur old/ssh.1 new/ssh.1
---- old/ssh.1	2013-12-17 22:46:28.000000000 -0800
-+++ new/ssh.1	2015-04-02 08:15:39.041359535 -0700
[email protected]@ -279,8 +279,6 @@ The default is
+--- old/ssh.1	2015-03-16 22:49:20.000000000 -0700
++++ new/ssh.1	2015-05-12 07:51:38.403098490 -0700
[email protected]@ -274,9 +274,7 @@ public key authentication is read.
+ The default is
  .Pa ~/.ssh/identity
  for protocol version 1, and
- .Pa ~/.ssh/id_dsa ,
+-.Pa ~/.ssh/id_dsa ,
 -.Pa ~/.ssh/id_ecdsa ,
 -.Pa ~/.ssh/id_ed25519
++.Pa ~/.ssh/id_dsa
  and
  .Pa ~/.ssh/id_rsa
  for protocol version 2.
[email protected]@ -758,7 +756,7 @@ key pair for authentication purposes.
[email protected]@ -761,7 +759,7 @@ key pair for authentication purposes.
  The server knows the public key, and only the user knows the private key.
  .Nm
  implements public key authentication protocol automatically,
--using one of the DSA, ECDSA, ED25519 or RSA algorithms.
+-using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
 +using one of the DSA or RSA algorithms.
  Protocol 1 is restricted to using only RSA keys,
  but protocol 2 may use any.
  The HISTORY section of
[email protected]@ -783,10 +781,6 @@ This stores the private key in
[email protected]@ -786,10 +784,6 @@ This stores the private key in
  (protocol 1),
  .Pa ~/.ssh/id_dsa
  (protocol 2 DSA),
 -.Pa ~/.ssh/id_ecdsa
 -(protocol 2 ECDSA),
 -.Pa ~/.ssh/id_ed25519
--(protocol 2 ED25519),
+-(protocol 2 Ed25519),
  or
  .Pa ~/.ssh/id_rsa
  (protocol 2 RSA)
[email protected]@ -795,10 +789,6 @@ and stores the public key in
[email protected]@ -798,10 +792,6 @@ and stores the public key in
  (protocol 1),
  .Pa ~/.ssh/id_dsa.pub
  (protocol 2 DSA),
 -.Pa ~/.ssh/id_ecdsa.pub
 -(protocol 2 ECDSA),
 -.Pa ~/.ssh/id_ed25519.pub
--(protocol 2 ED25519),
+-(protocol 2 Ed25519),
  or
  .Pa ~/.ssh/id_rsa.pub
  (protocol 2 RSA)
[email protected]@ -1338,7 +1328,7 @@ secret, but the recommended permissions
[email protected]@ -1341,7 +1331,7 @@ secret, but the recommended permissions
  and not accessible by others.
  .Pp
  .It Pa ~/.ssh/authorized_keys
--Lists the public keys (DSA, ECDSA, ED25519, RSA)
+-Lists the public keys (DSA, ECDSA, Ed25519, RSA)
 +Lists the public keys (DSA, RSA)
  that can be used for logging in as this user.
  The format of this file is described in the
  .Xr sshd 8
[email protected]@ -1360,8 +1350,6 @@ above.
[email protected]@ -1363,8 +1353,6 @@ above.
  .Pp
  .It Pa ~/.ssh/identity
  .It Pa ~/.ssh/id_dsa
@@ -1628,7 +1169,7 @@
  .It Pa ~/.ssh/id_rsa
  Contains the private key for authentication.
  These files
[email protected]@ -1375,8 +1363,6 @@ sensitive part of this file using 3DES.
[email protected]@ -1378,8 +1366,6 @@ sensitive part of this file using 3DES.
  .Pp
  .It Pa ~/.ssh/identity.pub
  .It Pa ~/.ssh/id_dsa.pub
@@ -1637,7 +1178,7 @@
  .It Pa ~/.ssh/id_rsa.pub
  Contains the public key for authentication.
  These files are not
[email protected]@ -1415,8 +1401,6 @@ The file format and configuration option
[email protected]@ -1418,8 +1404,6 @@ The file format and configuration option
  .Pp
  .It Pa /etc/ssh/ssh_host_key
  .It Pa /etc/ssh/ssh_host_dsa_key
@@ -1647,56 +1188,79 @@
  These files contain the private parts of the host keys
  and are used for host-based authentication.
 diff -pur old/ssh.c new/ssh.c
---- old/ssh.c	2013-12-28 22:53:40.000000000 -0800
-+++ new/ssh.c	2015-04-01 03:33:55.003074053 -0700
[email protected]@ -1010,8 +1010,10 @@ main(int ac, char **av)
+--- old/ssh.c	2015-03-16 22:49:20.000000000 -0700
++++ new/ssh.c	2015-05-12 06:57:55.876878130 -0700
[email protected]@ -1234,8 +1234,10 @@ main(int ac, char **av)
+ 		sensitive_data.keys[1] = key_load_private_cert(KEY_ECDSA,
+ 		    _PATH_HOST_ECDSA_KEY_FILE, "", NULL);
  #endif
- 		sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
- 		    _PATH_HOST_RSA_KEY_FILE, "", NULL);
 +#ifndef WITHOUT_ED25519
- 		sensitive_data.keys[4] = key_load_private_cert(KEY_ED25519,
+ 		sensitive_data.keys[2] = key_load_private_cert(KEY_ED25519,
  		    _PATH_HOST_ED25519_KEY_FILE, "", NULL);
 +#endif /* WITHOUT_ED25519 */
- 		sensitive_data.keys[5] = key_load_private_type(KEY_DSA,
- 		    _PATH_HOST_DSA_KEY_FILE, "", NULL, NULL);
- #ifdef OPENSSL_HAS_ECC
[email protected]@ -1020,8 +1022,10 @@ main(int ac, char **av)
+ 		sensitive_data.keys[3] = key_load_private_cert(KEY_RSA,
+ 		    _PATH_HOST_RSA_KEY_FILE, "", NULL);
+ 		sensitive_data.keys[4] = key_load_private_cert(KEY_DSA,
[email protected]@ -1244,8 +1246,10 @@ main(int ac, char **av)
+ 		sensitive_data.keys[5] = key_load_private_type(KEY_ECDSA,
+ 		    _PATH_HOST_ECDSA_KEY_FILE, "", NULL, NULL);
  #endif
- 		sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
- 		    _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
 +#ifndef WITHOUT_ED25519
- 		sensitive_data.keys[8] = key_load_private_type(KEY_ED25519,
+ 		sensitive_data.keys[6] = key_load_private_type(KEY_ED25519,
  		    _PATH_HOST_ED25519_KEY_FILE, "", NULL, NULL);
 +#endif /* WITHOUT_ED25519 */
- 		PRIV_END;
- 
- 		if (options.hostbased_authentication == 1 &&
[email protected]@ -1038,8 +1042,10 @@ main(int ac, char **av)
+ 		sensitive_data.keys[7] = key_load_private_type(KEY_RSA,
+ 		    _PATH_HOST_RSA_KEY_FILE, "", NULL, NULL);
+ 		sensitive_data.keys[8] = key_load_private_type(KEY_DSA,
[email protected]@ -1262,8 +1266,10 @@ main(int ac, char **av)
+ 			sensitive_data.keys[1] = key_load_cert(
+ 			    _PATH_HOST_ECDSA_KEY_FILE);
  #endif
- 			sensitive_data.keys[3] = key_load_cert(
- 			    _PATH_HOST_RSA_KEY_FILE);
 +#ifndef WITHOUT_ED25519
- 			sensitive_data.keys[4] = key_load_cert(
+ 			sensitive_data.keys[2] = key_load_cert(
  			    _PATH_HOST_ED25519_KEY_FILE);
 +#endif /* WITHOUT_ED25519 */
+ 			sensitive_data.keys[3] = key_load_cert(
+ 			    _PATH_HOST_RSA_KEY_FILE);
+ 			sensitive_data.keys[4] = key_load_cert(
[email protected]@ -1272,8 +1278,10 @@ main(int ac, char **av)
  			sensitive_data.keys[5] = key_load_public(
- 			    _PATH_HOST_DSA_KEY_FILE, NULL);
- #ifdef OPENSSL_HAS_ECC
[email protected]@ -1048,8 +1054,10 @@ main(int ac, char **av)
+ 			    _PATH_HOST_ECDSA_KEY_FILE, NULL);
  #endif
++#ifndef WITHOUT_ED25519
+ 			sensitive_data.keys[6] = key_load_public(
+ 			    _PATH_HOST_ED25519_KEY_FILE, NULL);
++#endif /* WITHOUT_ED25519 */
  			sensitive_data.keys[7] = key_load_public(
  			    _PATH_HOST_RSA_KEY_FILE, NULL);
+ 			sensitive_data.keys[8] = key_load_public(
+diff -pur old/ssh_api.c new/ssh_api.c
+--- old/ssh_api.c	2015-03-16 22:49:20.000000000 -0700
++++ new/ssh_api.c	2015-05-12 06:57:55.877368137 -0700
[email protected]@ -109,7 +109,9 @@ ssh_init(struct ssh **sshp, int is_serve
+ 		ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+ # endif
+ #endif /* WITH_OPENSSL */
 +#ifndef WITHOUT_ED25519
- 			sensitive_data.keys[8] = key_load_public(
- 			    _PATH_HOST_ED25519_KEY_FILE, NULL);
+ 		ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 +#endif /* WITHOUT_ED25519 */
- 			sensitive_data.external_keysign = 1;
- 		}
+ 		ssh->kex->load_host_public_key=&_ssh_host_public_key;
+ 		ssh->kex->load_host_private_key=&_ssh_host_private_key;
+ 		ssh->kex->sign=&_ssh_host_key_sign;
[email protected]@ -123,7 +125,9 @@ ssh_init(struct ssh **sshp, int is_serve
+ 		ssh->kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+ # endif
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 		ssh->kex->kex[KEX_C25519_SHA256] = kexc25519_client;
++#endif /* WITHOUT_ED25519 */
+ 		ssh->kex->verify_host_key =&_ssh_verify_host_key;
  	}
+ 	*sshp = ssh;
 diff -pur old/ssh_config.0 new/ssh_config.0
---- old/ssh_config.0	2014-01-29 17:52:48.000000000 -0800
-+++ new/ssh_config.0	2015-04-02 08:07:55.171885768 -0700
[email protected]@ -409,14 +409,9 @@ DESCRIPTION
+--- old/ssh_config.0	2015-03-17 21:26:36.000000000 -0700
++++ new/ssh_config.0	2015-05-12 07:45:14.754320503 -0700
[email protected]@ -443,14 +443,8 @@ DESCRIPTION
               client wants to use in order of preference.  The default for this
               option is:
  
@@ -1708,37 +1272,35 @@
                  [email protected],[email protected],
 -                ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -                ssh-ed25519,ssh-rsa,ssh-dss
-+                ssh-rsa,ssh-dss
  
               If hostkeys are known for the destination host then this default
               is modified to prefer their algorithms.
[email protected]@ -446,10 +441,10 @@ DESCRIPTION
-              default is ``no''.
[email protected]@ -486,10 +480,10 @@ DESCRIPTION
+              default is M-bM-^@M-^\noM-bM-^@M-^].
  
       IdentityFile
--             Specifies a file from which the user's DSA, ECDSA, ED25519 or RSA
+-             Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA
 +             Specifies a file from which the user's DSA or RSA
               authentication identity is read.  The default is ~/.ssh/identity
 -             for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa,
 -             ~/.ssh/id_ed25519 and ~/.ssh/id_rsa for protocol version 2.
-+             for protocol version 1, and ~/.ssh/id_dsa and ~/.ssh/id_rsa for
-+             protocol version 2.
++             for protocol version 1, and ~/.ssh/id_dsa
++             and ~/.ssh/id_rsa for protocol version 2.
               Additionally, any identities represented by the authentication
               agent will be used for authentication unless IdentitiesOnly is
               set.  ssh(1) will try to load certificate information from the
[email protected]@ -509,8 +504,6 @@ DESCRIPTION
[email protected]@ -549,7 +543,6 @@ DESCRIPTION
               Specifies the available KEX (Key Exchange) algorithms.  Multiple
               algorithms must be comma-separated.  The default is:
  
 -                   [email protected],
--                   ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+                    ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
                     diffie-hellman-group-exchange-sha256,
-                    diffie-hellman-group-exchange-sha1,
                     diffie-hellman-group14-sha1,
 diff -pur old/ssh_config.5 new/ssh_config.5
---- old/ssh_config.5	2015-03-31 21:14:02.439364932 -0700
-+++ new/ssh_config.5	2015-04-02 08:16:12.714886637 -0700
[email protected]@ -729,14 +729,9 @@ Specifies the protocol version 2 host ke
+--- old/ssh_config.5	2015-05-12 06:57:55.750682668 -0700
++++ new/ssh_config.5	2015-05-12 07:52:05.483411337 -0700
[email protected]@ -807,14 +807,8 @@ Specifies the protocol version 2 host ke
  that the client wants to use in order of preference.
  The default for this option is:
  .Bd -literal -offset 3n
@@ -1750,15 +1312,14 @@
  [email protected],[email protected],
 -ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 -ssh-ed25519,ssh-rsa,ssh-dss
-+ssh-rsa,ssh-dss
  .Ed
  .Pp
  If hostkeys are known for the destination host then this default is modified
[email protected]@ -778,14 +773,12 @@ offers many different identities.
[email protected]@ -869,14 +863,12 @@ offers many different identities.
  The default is
  .Dq no .
  .It Cm IdentityFile
--Specifies a file from which the user's DSA, ECDSA, ED25519 or RSA authentication
+-Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
 +Specifies a file from which the user's DSA or RSA authentication
  identity is read.
  The default is
@@ -1770,19 +1331,18 @@
  and
  .Pa ~/.ssh/id_rsa
  for protocol version 2.
[email protected]@ -898,8 +891,6 @@ Specifies the available KEX (Key Exchang
[email protected]@ -989,7 +981,6 @@ Specifies the available KEX (Key Exchang
  Multiple algorithms must be comma-separated.
  The default is:
  .Bd -literal -offset indent
 [email protected],
--ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
  diffie-hellman-group-exchange-sha256,
- diffie-hellman-group-exchange-sha1,
  diffie-hellman-group14-sha1,
 diff -pur old/sshconnect.c new/sshconnect.c
---- old/sshconnect.c	2015-03-31 21:14:02.413909705 -0700
-+++ new/sshconnect.c	2015-04-01 04:56:41.997313652 -0700
[email protected]@ -1325,7 +1325,9 @@ show_other_keys(struct hostkeys *hostkey
+--- old/sshconnect.c	2015-03-16 22:49:20.000000000 -0700
++++ new/sshconnect.c	2015-05-12 06:57:55.878078115 -0700
[email protected]@ -1391,7 +1391,9 @@ show_other_keys(struct hostkeys *hostkey
  		KEY_RSA,
  		KEY_DSA,
  		KEY_ECDSA,
@@ -1793,12 +1353,12 @@
  	};
  	int i, ret = 0;
 diff -pur old/sshconnect2.c new/sshconnect2.c
---- old/sshconnect2.c	2015-03-31 21:14:02.440456459 -0700
-+++ new/sshconnect2.c	2015-04-01 04:56:58.805755301 -0700
[email protected]@ -246,7 +246,9 @@ ssh_kex2(char *host, struct sockaddr *ho
- 	kex->kex[KEX_DH_GEX_SHA1] = kexgex_client;
- 	kex->kex[KEX_DH_GEX_SHA256] = kexgex_client;
+--- old/sshconnect2.c	2015-05-12 06:57:55.751927078 -0700
++++ new/sshconnect2.c	2015-05-12 07:03:03.597484825 -0700
[email protected]@ -254,7 +254,9 @@ ssh_kex2(char *host, struct sockaddr *ho
  	kex->kex[KEX_ECDH_SHA2] = kexecdh_client;
+ # endif
+ #endif
 +#ifndef WITHOUT_ED25519
  	kex->kex[KEX_C25519_SHA256] = kexc25519_client;
 +#endif /* WITHOUT_ED25519 */
@@ -1806,9 +1366,9 @@
  	if (options.gss_keyex) {
  		kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_client;
 diff -pur old/sshd.0 new/sshd.0
---- old/sshd.0	2014-01-29 17:52:47.000000000 -0800
-+++ new/sshd.0	2015-04-02 08:09:18.391442884 -0700
[email protected]@ -82,8 +82,7 @@ DESCRIPTION
+--- old/sshd.0	2015-03-17 21:26:35.000000000 -0700
++++ new/sshd.0	2015-05-12 07:46:43.700877984 -0700
[email protected]@ -81,8 +81,7 @@ DESCRIPTION
               be given if sshd is not run as root (as the normal host key files
               are normally not readable by anyone but root).  The default is
               /etc/ssh/ssh_host_key for protocol version 1, and
@@ -1818,11 +1378,11 @@
               protocol version 2.  It is possible to have multiple host key
               files for the different protocol versions and host key
               algorithms.
[email protected]@ -148,7 +147,7 @@ DESCRIPTION
[email protected]@ -147,7 +146,7 @@ DESCRIPTION
  AUTHENTICATION
       The OpenSSH SSH daemon supports SSH protocols 1 and 2.  The default is to
       use protocol 2 only, though this can be changed via the Protocol option
--     in sshd_config(5).  Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys;
+-     in sshd_config(5).  Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
 +     in sshd_config(5).  Protocol 2 supports DSA and RSA keys;
       protocol 1 only supports RSA keys.  For both protocols, each host has a
       host-specific key, normally 2048 bits, used to identify the host.
@@ -1831,10 +1391,10 @@
       starts with a number).  The bits, exponent, modulus, and comment fields
       give the RSA key for protocol version 1; the comment field is not used
       for anything (but may be convenient for the user to identify the key).
--     For protocol version 2 the keytype is ``ecdsa-sha2-nistp256'',
--     ``ecdsa-sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-ed25519'',
--     ``ssh-dss'' or ``ssh-rsa''.
-+     For protocol version 2 the keytype is ``ssh-dss'' or ``ssh-rsa''.
+-     For protocol version 2 the keytype is M-bM-^@M-^\ecdsa-sha2-nistp256M-bM-^@M-^],
+-     M-bM-^@M-^\ecdsa-sha2-nistp384M-bM-^@M-^], M-bM-^@M-^\ecdsa-sha2-nistp521M-bM-^@M-^], M-bM-^@M-^\ssh-ed25519M-bM-^@M-^], M-bM-^@M-^\ssh-dssM-bM-^@M-^] or
+-     M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
++     For protocol version 2 the keytype is M-bM-^@M-^\ssh-dssM-bM-^@M-^] or M-bM-^@M-^\ssh-rsaM-bM-^@M-^].
  
       Note that lines in this file are usually several hundred bytes long
       (because of the size of the public key encoding) up to a limit of 8
@@ -1849,12 +1409,12 @@
               for the user, and not accessible by others.
  
       ~/.ssh/authorized_keys
--             Lists the public keys (DSA, ECDSA, ED25519, RSA) that can be used
+-             Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used
 +             Lists the public keys (DSA, RSA) that can be used
               for logging in as this user.  The format of this file is
               described above.  The content of the file is not highly
               sensitive, but the recommended permissions are read/write for the
[email protected]@ -574,8 +571,6 @@ FILES
[email protected]@ -569,8 +566,6 @@ FILES
  
       /etc/ssh/ssh_host_key
       /etc/ssh/ssh_host_dsa_key
@@ -1863,7 +1423,7 @@
       /etc/ssh/ssh_host_rsa_key
               These files contain the private parts of the host keys.  These
               files should only be owned by root, readable only by root, and
[email protected]@ -584,8 +579,6 @@ FILES
[email protected]@ -579,8 +574,6 @@ FILES
  
       /etc/ssh/ssh_host_key.pub
       /etc/ssh/ssh_host_dsa_key.pub
@@ -1873,9 +1433,9 @@
               These files contain the public parts of the host keys.  These
               files should be world-readable but writable only by root.  Their
 diff -pur old/sshd.8 new/sshd.8
---- old/sshd.8	2015-03-31 21:14:02.389944452 -0700
-+++ new/sshd.8	2015-04-02 08:17:21.818430805 -0700
[email protected]@ -175,8 +175,6 @@ The default is
+--- old/sshd.8	2015-05-12 06:57:55.682941332 -0700
++++ new/sshd.8	2015-05-12 07:53:14.229250081 -0700
[email protected]@ -172,8 +172,6 @@ The default is
  .Pa /etc/ssh/ssh_host_key
  for protocol version 1, and
  .Pa /etc/ssh/ssh_host_dsa_key ,
@@ -1884,11 +1444,11 @@
  and
  .Pa /etc/ssh/ssh_host_rsa_key
  for protocol version 2.
[email protected]@ -281,7 +279,7 @@ though this can be changed via the
[email protected]@ -278,7 +276,7 @@ though this can be changed via the
  .Cm Protocol
  option in
  .Xr sshd_config 4 .
--Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys;
+-Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
 +Protocol 2 supports DSA and RSA keys;
  protocol 1 only supports RSA keys.
  For both protocols,
@@ -1917,12 +1477,12 @@
  and not accessible by others.
  .Pp
  .It Pa ~/.ssh/authorized_keys
--Lists the public keys (DSA, ECDSA, ED25519, RSA)
+-Lists the public keys (DSA, ECDSA, Ed25519, RSA)
 +Lists the public keys (DSA, RSA)
  that can be used for logging in as this user.
  The format of this file is described above.
  The content of the file is not highly sensitive, but the recommended
[email protected]@ -888,8 +880,6 @@ rlogin/rsh.
[email protected]@ -882,8 +874,6 @@ rlogin/rsh.
  .Pp
  .It Pa /etc/ssh/ssh_host_key
  .It Pa /etc/ssh/ssh_host_dsa_key
@@ -1931,7 +1491,7 @@
  .It Pa /etc/ssh/ssh_host_rsa_key
  These files contain the private parts of the host keys.
  These files should only be owned by root, readable only by root, and not
[email protected]@ -900,8 +890,6 @@ does not start if these files are group/
[email protected]@ -894,8 +884,6 @@ does not start if these files are group/
  .Pp
  .It Pa /etc/ssh/ssh_host_key.pub
  .It Pa /etc/ssh/ssh_host_dsa_key.pub
@@ -1941,9 +1501,9 @@
  These files contain the public parts of the host keys.
  These files should be world-readable but writable only by
 diff -pur old/sshd.c new/sshd.c
---- old/sshd.c	2015-03-31 21:14:02.441576765 -0700
-+++ new/sshd.c	2015-04-01 03:42:59.569147555 -0700
[email protected]@ -797,7 +797,9 @@ list_hostkey_types(void)
+--- old/sshd.c	2015-05-12 06:57:55.753246429 -0700
++++ new/sshd.c	2015-05-12 07:03:44.715843663 -0700
[email protected]@ -803,7 +803,9 @@ list_hostkey_types(void)
  		case KEY_RSA:
  		case KEY_DSA:
  		case KEY_ECDSA:
@@ -1953,7 +1513,7 @@
  			if (buffer_len(&b) > 0)
  				buffer_append(&b, ",", 1);
  			p = key_ssh_name(key);
[email protected]@ -814,7 +816,9 @@ list_hostkey_types(void)
[email protected]@ -820,7 +822,9 @@ list_hostkey_types(void)
  		case KEY_RSA_CERT:
  		case KEY_DSA_CERT:
  		case KEY_ECDSA_CERT:
@@ -1963,7 +1523,7 @@
  			if (buffer_len(&b) > 0)
  				buffer_append(&b, ",", 1);
  			p = key_ssh_name(key);
[email protected]@ -842,7 +846,9 @@ get_hostkey_by_type(int type, int need_p
[email protected]@ -848,7 +852,9 @@ get_hostkey_by_type(int type, int nid, i
  		case KEY_RSA_CERT:
  		case KEY_DSA_CERT:
  		case KEY_ECDSA_CERT:
@@ -1973,20 +1533,20 @@
  			key = sensitive_data.host_certificates[i];
  			break;
  		default:
[email protected]@ -1719,7 +1725,9 @@ main(int ac, char **av)
[email protected]@ -1798,7 +1804,9 @@ main(int ac, char **av)
  		case KEY_RSA:
  		case KEY_DSA:
  		case KEY_ECDSA:
 +#ifndef WITHOUT_ED25519
  		case KEY_ED25519:
 +#endif /* WITHOUT_ED25519 */
- 			sensitive_data.have_ssh2_key = 1;
+ 			if (have_agent || key != NULL)
+ 				sensitive_data.have_ssh2_key = 1;
  			break;
- 		}
[email protected]@ -2546,7 +2554,9 @@ do_ssh2_kex(void)
- 	kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
- 	kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
[email protected]@ -2644,7 +2652,9 @@ do_ssh2_kex(void)
  	kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
+ # endif
+ #endif
 +#ifndef WITHOUT_ED25519
  	kex->kex[KEX_C25519_SHA256] = kexc25519_server;
 +#endif /* WITHOUT_ED25519 */
@@ -1994,9 +1554,9 @@
  	if (options.gss_keyex) {
  		kex->kex[KEX_GSS_GRP1_SHA1] = kexgss_server;
 diff -pur old/sshd_config.0 new/sshd_config.0
---- old/sshd_config.0	2014-01-29 17:52:48.000000000 -0800
-+++ new/sshd_config.0	2015-04-02 08:09:53.957389224 -0700
[email protected]@ -332,12 +332,11 @@ DESCRIPTION
+--- old/sshd_config.0	2015-03-17 21:26:36.000000000 -0700
++++ new/sshd_config.0	2015-05-12 07:47:28.488941581 -0700
[email protected]@ -375,12 +375,11 @@ DESCRIPTION
       HostKey
               Specifies a file containing a private host key used by SSH.  The
               default is /etc/ssh/ssh_host_key for protocol version 1, and
@@ -2005,25 +1565,33 @@
 +             /etc/ssh/ssh_host_dsa_key and /etc/ssh/ssh_host_rsa_key for
               protocol version 2.  Note that sshd(8) will refuse to use a file
               if it is group/world-accessible.  It is possible to have multiple
-              host key files.  ``rsa1'' keys are used for version 1 and
--             ``dsa'', ``ecdsa'', ``ed25519'' or ``rsa'' are used for version 2
-+             ``dsa'' or ``rsa'' are used for version 2
-              of the SSH protocol.  It is also possible to specify public host
-              key files instead.  In this case operations on the private key
-              will be delegated to an ssh-agent(1).
[email protected]@ -399,8 +398,6 @@ DESCRIPTION
-              Specifies the available KEX (Key Exchange) algorithms.  Multiple
-              algorithms must be comma-separated.  The default is
+-             host key files.  M-bM-^@M-^\rsa1M-bM-^@M-^] keys are used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^],
+-             M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^] or M-bM-^@M-^\rsaM-bM-^@M-^] are used for version 2 of the SSH
++             host key files.  M-bM-^@M-^\rsa1M-bM-^@M-^] keys are used for version 1 and M-bM-^@M-^\dsaM-bM-^@M-^]
++             or M-bM-^@M-^\rsaM-bM-^@M-^] are used for version 2 of the SSH
+              protocol.  It is also possible to specify public host key files
+              instead.  In this case operations on the private key will be
+              delegated to an ssh-agent(1).
[email protected]@ -448,7 +447,6 @@ DESCRIPTION
+              algorithms must be comma-separated.  The supported algorithms
+              are:
+ 
+-                   [email protected]
+                    diffie-hellman-group1-sha1
+                    diffie-hellman-group14-sha1
+                    diffie-hellman-group-exchange-sha1
[email protected]@ -459,7 +457,6 @@ DESCRIPTION
+ 
+              The default is:
  
 -                   [email protected],
--                   ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+                    ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
                     diffie-hellman-group-exchange-sha256,
-                    diffie-hellman-group-exchange-sha1,
-                    diffie-hellman-group14-sha1,
+                    diffie-hellman-group14-sha1
 diff -pur old/sshd_config.5 new/sshd_config.5
---- old/sshd_config.5	2015-03-31 21:14:02.442624133 -0700
-+++ new/sshd_config.5	2015-04-02 08:16:29.655757790 -0700
[email protected]@ -546,8 +546,6 @@ The default is
+--- old/sshd_config.5	2015-05-12 06:57:55.754541097 -0700
++++ new/sshd_config.5	2015-05-12 07:52:26.170307089 -0700
[email protected]@ -628,8 +628,6 @@ The default is
  .Pa /etc/ssh/ssh_host_key
  for protocol version 1, and
  .Pa /etc/ssh/ssh_host_dsa_key ,
@@ -2032,7 +1600,7 @@
  and
  .Pa /etc/ssh/ssh_host_rsa_key
  for protocol version 2.
[email protected]@ -558,8 +556,6 @@ It is possible to have multiple host key
[email protected]@ -640,8 +638,6 @@ It is possible to have multiple host key
  .Dq rsa1
  keys are used for version 1 and
  .Dq dsa ,
@@ -2041,29 +1609,440 @@
  or
  .Dq rsa
  are used for version 2 of the SSH protocol.
[email protected]@ -669,8 +665,6 @@ Specifies the available KEX (Key Exchang
- Multiple algorithms must be comma-separated.
- The default is
[email protected]@ -764,8 +760,6 @@ The supported algorithms are:
+ .Pp
+ .Bl -item -compact -offset indent
+ .It
[email protected]
+-.It
+ diffie-hellman-group1-sha1
+ .It
+ diffie-hellman-group14-sha1
[email protected]@ -783,7 +777,6 @@ ecdh-sha2-nistp521
+ .Pp
+ The default is:
  .Bd -literal -offset indent
 [email protected],
--ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
  diffie-hellman-group-exchange-sha256,
- diffie-hellman-group-exchange-sha1,
- diffie-hellman-group14-sha1,
-diff -pur old/verify.c new/verify.c
---- old/verify.c	2014-01-16 17:43:44.000000000 -0800
-+++ new/verify.c	2015-04-01 03:43:49.962792178 -0700
[email protected]@ -9,6 +9,8 @@
+ diffie-hellman-group14-sha1
+diff -pur old/sshkey.c new/sshkey.c
+--- old/sshkey.c	2015-05-12 06:57:55.756061267 -0700
++++ new/sshkey.c	2015-05-27 03:34:57.475875579 -0700
[email protected]@ -85,9 +85,11 @@ struct keytype {
+ 	int cert;
+ };
+ static const struct keytype keytypes[] = {
++#ifndef WITHOUT_ED25519
+ 	{ "ssh-ed25519", "ED25519", KEY_ED25519, 0, 0 },
+ 	{ "[email protected]", "ED25519-CERT",
+ 	    KEY_ED25519_CERT, 0, 1 },
++#endif /* WITHOUT_ED25519 */
+ #ifdef WITH_OPENSSL
+ 	{ NULL, "RSA1", KEY_RSA1, 0, 0 },
+ 	{ "ssh-rsa", "RSA", KEY_RSA, 0, 0 },
[email protected]@ -284,8 +286,10 @@ sshkey_size(const struct sshkey *k)
+ 	case KEY_ECDSA_CERT:
+ 		return sshkey_curve_nid_to_bits(k->ecdsa_nid);
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
+ 	case KEY_ED25519_CERT:
++#endif /* WITHOUT_ED25519 */
+ 		return 256;	/* XXX */
+ 	}
+ 	return 0;
[email protected]@ -310,7 +314,9 @@ sshkey_type_is_valid_ca(int type)
+ 	case KEY_RSA:
+ 	case KEY_DSA:
+ 	case KEY_ECDSA:
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
++#endif /* WITHOUT_ED25519 */
+ 		return 1;
+ 	default:
+ 		return 0;
[email protected]@ -338,8 +344,10 @@ sshkey_type_plain(int type)
+ 		return KEY_DSA;
+ 	case KEY_ECDSA_CERT:
+ 		return KEY_ECDSA;
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519_CERT:
+ 		return KEY_ED25519;
++#endif /* WITHOUT_ED25519 */
+ 	default:
+ 		return type;
+ 	}
[email protected]@ -492,8 +500,10 @@ sshkey_new(int type)
+ 	k->dsa = NULL;
+ 	k->rsa = NULL;
+ 	k->cert = NULL;
++#ifndef WITHOUT_ED25519
+ 	k->ed25519_sk = NULL;
+ 	k->ed25519_pk = NULL;
++#endif /* WITHOUT_ED25519 */
+ 	switch (k->type) {
+ #ifdef WITH_OPENSSL
+ 	case KEY_RSA1:
[email protected]@ -530,10 +540,12 @@ sshkey_new(int type)
+ 		/* Cannot do anything until we know the group */
+ 		break;
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
+ 	case KEY_ED25519_CERT:
+ 		/* no need to prealloc */
+ 		break;
++#endif /* WITHOUT_ED25519 */
+ 	case KEY_UNSPEC:
+ 		break;
+ 	default:
[email protected]@ -582,10 +594,12 @@ sshkey_add_private(struct sshkey *k)
+ 		/* Cannot do anything until we know the group */
+ 		break;
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
+ 	case KEY_ED25519_CERT:
+ 		/* no need to prealloc */
+ 		break;
++#endif /* WITHOUT_ED25519 */
+ 	case KEY_UNSPEC:
+ 		break;
+ 	default:
[email protected]@ -639,6 +653,7 @@ sshkey_free(struct sshkey *k)
+ 		break;
+ # endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
+ 	case KEY_ED25519_CERT:
+ 		if (k->ed25519_pk) {
[email protected]@ -652,6 +667,7 @@ sshkey_free(struct sshkey *k)
+ 			k->ed25519_sk = NULL;
+ 		}
+ 		break;
++#endif /* WITHOUT_ED25519 */
+ 	case KEY_UNSPEC:
+ 		break;
+ 	default:
[email protected]@ -731,10 +747,12 @@ sshkey_equal_public(const struct sshkey
+ 		return 1;
+ # endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
+ 	case KEY_ED25519_CERT:
+ 		return a->ed25519_pk != NULL && b->ed25519_pk != NULL &&
+ 		    memcmp(a->ed25519_pk, b->ed25519_pk, ED25519_PK_SZ) == 0;
++#endif /* WITHOUT_ED25519 */
+ 	default:
+ 		return 0;
+ 	}
[email protected]@ -773,7 +791,9 @@ to_blob_buf(const struct sshkey *key, st
+ 	case KEY_ECDSA_CERT:
+ 	case KEY_RSA_CERT:
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519_CERT:
++#endif /* WITHOUT_ED25519 */
+ 		/* Use the existing blob */
+ 		/* XXX modified flag? */
+ 		if ((ret = sshbuf_putb(b, key->cert->certblob)) != 0)
[email protected]@ -810,6 +830,7 @@ to_blob_buf(const struct sshkey *key, st
+ 			return ret;
+ 		break;
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
+ 		if (key->ed25519_pk == NULL)
+ 			return SSH_ERR_INVALID_ARGUMENT;
[email protected]@ -818,6 +839,7 @@ to_blob_buf(const struct sshkey *key, st
+ 		    key->ed25519_pk, ED25519_PK_SZ)) != 0)
+ 			return ret;
+ 		break;
++#endif /* WITHOUT_ED25519 */
+ 	default:
+ 		return SSH_ERR_KEY_TYPE_UNKNOWN;
+ 	}
[email protected]@ -1291,13 +1313,17 @@ sshkey_read(struct sshkey *ret, char **c
+ 	case KEY_RSA:
+ 	case KEY_DSA:
+ 	case KEY_ECDSA:
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
++#endif /* WITHOUT_ED25519 */
+ 	case KEY_DSA_CERT_V00:
+ 	case KEY_RSA_CERT_V00:
+ 	case KEY_DSA_CERT:
+ 	case KEY_ECDSA_CERT:
+ 	case KEY_RSA_CERT:
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519_CERT:
++#endif /* WITHOUT_ED25519 */
+ 		space = strchr(cp, ' ');
+ 		if (space == NULL)
+ 			return SSH_ERR_INVALID_FORMAT;
[email protected]@ -1389,6 +1415,7 @@ sshkey_read(struct sshkey *ret, char **c
+ 		}
+ # endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 		if (sshkey_type_plain(ret->type) == KEY_ED25519) {
+ 			free(ret->ed25519_pk);
+ 			ret->ed25519_pk = k->ed25519_pk;
[email protected]@ -1397,6 +1424,7 @@ sshkey_read(struct sshkey *ret, char **c
+ 			/* XXX */
+ #endif
+ 		}
++#endif /* WITHOUT_ED25519 */
+ 		retval = 0;
+ /*XXXX*/
+ 		sshkey_free(k);
[email protected]@ -1460,8 +1488,10 @@ sshkey_write(const struct sshkey *key, F
+ 	case KEY_RSA_CERT_V00:
+ 	case KEY_RSA_CERT:
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
+ 	case KEY_ED25519_CERT:
++#endif /* WITHOUT_ED25519 */
+ 		if ((bb = sshbuf_new()) == NULL) {
+ 			ret = SSH_ERR_ALLOC_FAIL;
+ 			goto out;
[email protected]@ -1671,7 +1701,8 @@ sshkey_generate(int type, u_int bits, st
+ 	if ((k = sshkey_new(KEY_UNSPEC)) == NULL)
+ 		return SSH_ERR_ALLOC_FAIL;
+ 	switch (type) {
+-	case KEY_ED25519:
++#ifndef WITHOUT_ED25519
++		case KEY_ED25519:
+ 		if ((k->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL ||
+ 		    (k->ed25519_sk = malloc(ED25519_SK_SZ)) == NULL) {
+ 			ret = SSH_ERR_ALLOC_FAIL;
[email protected]@ -1680,6 +1711,7 @@ sshkey_generate(int type, u_int bits, st
+ 		crypto_sign_ed25519_keypair(k->ed25519_pk, k->ed25519_sk);
+ 		ret = 0;
+ 		break;
++#endif /* WITHOUT_ED25519 */
+ #ifdef WITH_OPENSSL
+ 	case KEY_DSA:
+ 		ret = dsa_generate_private_key(bits, &k->dsa);
[email protected]@ -1817,6 +1849,7 @@ sshkey_from_private(const struct sshkey
+ 		}
+ 		break;
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
+ 	case KEY_ED25519_CERT:
+ 		if ((n = sshkey_new(k->type)) == NULL)
[email protected]@ -1829,6 +1862,7 @@ sshkey_from_private(const struct sshkey
+ 			memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
+ 		}
+ 		break;
++#endif /* WITHOUT_ED25519 */
+ 	default:
+ 		return SSH_ERR_KEY_TYPE_UNKNOWN;
+ 	}
[email protected]@ -2100,6 +2134,7 @@ sshkey_from_blob_internal(struct sshbuf
+ 		break;
+ # endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519_CERT:
+ 		/* Skip nonce */
+ 		if (sshbuf_get_string_direct(b, NULL, NULL) != 0) {
[email protected]@ -2121,6 +2156,7 @@ sshkey_from_blob_internal(struct sshbuf
+ 		key->ed25519_pk = pk;
+ 		pk = NULL;
+ 		break;
++#endif /* WITHOUT_ED25519 */
+ 	case KEY_UNSPEC:
+ 		if ((key = sshkey_new(type)) == NULL) {
+ 			ret = SSH_ERR_ALLOC_FAIL;
[email protected]@ -2215,9 +2251,11 @@ sshkey_sign(const struct sshkey *key,
+ 	case KEY_RSA:
+ 		return ssh_rsa_sign(key, sigp, lenp, data, datalen, compat);
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
+ 	case KEY_ED25519_CERT:
+ 		return ssh_ed25519_sign(key, sigp, lenp, data, datalen, compat);
++#endif /* WITHOUT_ED25519 */
+ 	default:
+ 		return SSH_ERR_KEY_TYPE_UNKNOWN;
+ 	}
[email protected]@ -2249,9 +2287,11 @@ sshkey_verify(const struct sshkey *key,
+ 	case KEY_RSA:
+ 		return ssh_rsa_verify(key, sig, siglen, data, dlen, compat);
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
+ 	case KEY_ED25519_CERT:
+ 		return ssh_ed25519_verify(key, sig, siglen, data, dlen, compat);
++#endif /* WITHOUT_ED25519 */
+ 	default:
+ 		return SSH_ERR_KEY_TYPE_UNKNOWN;
+ 	}
[email protected]@ -2275,8 +2315,10 @@ sshkey_demote(const struct sshkey *k, st
+ 	pk->dsa = NULL;
+ 	pk->ecdsa = NULL;
+ 	pk->rsa = NULL;
++#ifndef WITHOUT_ED25519
+ 	pk->ed25519_pk = NULL;
+ 	pk->ed25519_sk = NULL;
++#endif /* WITHOUT_ED25519 */
  
- #include "crypto_api.h"
+ 	switch (k->type) {
+ #ifdef WITH_OPENSSL
[email protected]@ -2328,6 +2370,7 @@ sshkey_demote(const struct sshkey *k, st
+ 		break;
+ # endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519_CERT:
+ 		if ((ret = sshkey_cert_copy(k, pk)) != 0)
+ 			goto fail;
[email protected]@ -2341,6 +2384,7 @@ sshkey_demote(const struct sshkey *k, st
+ 			memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
+ 		}
+ 		break;
++#endif /* WITHOUT_ED25519 */
+ 	default:
+ 		ret = SSH_ERR_KEY_TYPE_UNKNOWN;
+  fail:
[email protected]@ -2371,11 +2415,13 @@ sshkey_to_certified(struct sshkey *k, in
+ 		newtype = KEY_ECDSA_CERT;
+ 		break;
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
+ 		if (legacy)
+ 			return SSH_ERR_INVALID_ARGUMENT;
+ 		newtype = KEY_ED25519_CERT;
+ 		break;
++#endif /* WITHOUT_ED25519 */
+ 	default:
+ 		return SSH_ERR_INVALID_ARGUMENT;
+ 	}
[email protected]@ -2458,11 +2504,13 @@ sshkey_certify(struct sshkey *k, struct
+ 			goto out;
+ 		break;
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519_CERT:
+ 		if ((ret = sshbuf_put_string(cert,
+ 		    k->ed25519_pk, ED25519_PK_SZ)) != 0)
+ 			goto out;
+ 		break;
++#endif /* WITHOUT_ED25519 */
+ 	default:
+ 		ret = SSH_ERR_INVALID_ARGUMENT;
+ 		goto out;
[email protected]@ -2657,6 +2705,7 @@ sshkey_private_serialize(const struct ss
+ 		break;
+ # endif /* OPENSSL_HAS_ECC */
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
+ 		if ((r = sshbuf_put_string(b, key->ed25519_pk,
+ 		    ED25519_PK_SZ)) != 0 ||
[email protected]@ -2676,6 +2725,7 @@ sshkey_private_serialize(const struct ss
+ 		    ED25519_SK_SZ)) != 0)
+ 			goto out;
+ 		break;
++#endif /* WITHOUT_ED25519 */
+ 	default:
+ 		r = SSH_ERR_INVALID_ARGUMENT;
+ 		goto out;
[email protected]@ -2802,6 +2852,7 @@ sshkey_private_deserialize(struct sshbuf
+ 			goto out;
+ 		break;
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
+ 		if ((k = sshkey_new_private(type)) == NULL) {
+ 			r = SSH_ERR_ALLOC_FAIL;
[email protected]@ -2832,6 +2883,7 @@ sshkey_private_deserialize(struct sshbuf
+ 		k->ed25519_sk = ed25519_sk;
+ 		ed25519_pk = ed25519_sk = NULL;
+ 		break;
++#endif /* WITHOUT_ED25519 */
+ 	default:
+ 		r = SSH_ERR_KEY_TYPE_UNKNOWN;
+ 		goto out;
[email protected]@ -3591,9 +3643,11 @@ sshkey_private_to_fileblob(struct sshkey
+ 		return sshkey_private_pem_to_blob(key, blob,
+ 		    passphrase, comment);
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
+ 		return sshkey_private_to_blob2(key, blob, passphrase,
+ 		    comment, new_format_cipher, new_format_rounds);
++#endif /* WITHOUT_ED25519 */
+ 	default:
+ 		return SSH_ERR_KEY_TYPE_UNKNOWN;
+ 	}
[email protected]@ -3899,9 +3953,11 @@ sshkey_parse_private_fileblob_type(struc
+ 		return sshkey_parse_private_pem_fileblob(blob, type,
+ 		    passphrase, keyp);
+ #endif /* WITH_OPENSSL */
++#ifndef WITHOUT_ED25519
+ 	case KEY_ED25519:
+ 		return sshkey_parse_private2(blob, type, passphrase,
+ 		    keyp, commentp);
++#endif /* WITHOUT_ED25519 */
+ 	case KEY_UNSPEC:
+ 		if ((r = sshkey_parse_private2(blob, type, passphrase, keyp,
+ 		    commentp)) == 0)
+diff -pur old/sshkey.h new/sshkey.h
+--- old/sshkey.h	2015-05-12 06:57:55.756485788 -0700
++++ new/sshkey.h	2015-05-12 06:57:55.885805405 -0700
[email protected]@ -57,11 +57,15 @@ enum sshkey_types {
+ 	KEY_RSA,
+ 	KEY_DSA,
+ 	KEY_ECDSA,
++#ifndef WITHOUT_ED25519
+ 	KEY_ED25519,
++#endif /* WITHOUT_ED25519 */
+ 	KEY_RSA_CERT,
+ 	KEY_DSA_CERT,
+ 	KEY_ECDSA_CERT,
++#ifndef WITHOUT_ED25519
+ 	KEY_ED25519_CERT,
++#endif /* WITHOUT_ED25519 */
+ 	KEY_RSA_CERT_V00,
+ 	KEY_DSA_CERT_V00,
+ 	KEY_NULL,
[email protected]@ -106,13 +110,17 @@ struct sshkey {
+ 	DSA	*dsa;
+ 	int	 ecdsa_nid;	/* NID of curve */
+ 	EC_KEY	*ecdsa;
++#ifndef WITHOUT_ED25519
+ 	u_char	*ed25519_sk;
+ 	u_char	*ed25519_pk;
++#endif /* WITHOUT_ED25519 */
+ 	struct sshkey_cert *cert;
+ };
  
 +#ifndef WITHOUT_ED25519
-+
- int crypto_verify_32(const unsigned char *x,const unsigned char *y)
- {
-   unsigned int differentbits = 0;
[email protected]@ -47,3 +49,4 @@ int crypto_verify_32(const unsigned char
-   F(31)
-   return (1 & ((differentbits - 1) >> 8)) - 1;
- }
+ #define	ED25519_SK_SZ	crypto_sign_ed25519_SECRETKEYBYTES
+ #define	ED25519_PK_SZ	crypto_sign_ed25519_PUBLICKEYBYTES
 +#endif /* WITHOUT_ED25519 */
+ 
+ struct sshkey	*sshkey_new(int);
+ int		 sshkey_add_private(struct sshkey *);
[email protected]@ -210,11 +218,13 @@ int ssh_ecdsa_sign(const struct sshkey *
+ int ssh_ecdsa_verify(const struct sshkey *key,
+     const u_char *signature, size_t signaturelen,
+     const u_char *data, size_t datalen, u_int compat);
++#ifndef WITHOUT_ED25519
+ int ssh_ed25519_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
+     const u_char *data, size_t datalen, u_int compat);
+ int ssh_ed25519_verify(const struct sshkey *key,
+     const u_char *signature, size_t signaturelen,
+     const u_char *data, size_t datalen, u_int compat);
++#endif /* WITHOUT_ED25519 */
+ #endif
+ 
+ #if !defined(WITH_OPENSSL)
--- a/components/openssh/patches/025-login_to_a_role.patch	Wed Jun 17 14:55:22 2015 -0700
+++ b/components/openssh/patches/025-login_to_a_role.patch	Thu Jun 18 07:01:42 2015 -0700
@@ -10,8 +10,8 @@
 #     https://bugzilla.mindrot.org/show_bug.cgi?id=2378
 #
 diff -pur old/auth-pam.c new/auth-pam.c
---- old/auth-pam.c	2015-04-13 07:40:15.102801416 -0700
-+++ new/auth-pam.c	2015-04-13 07:40:15.170507123 -0700
+--- old/auth-pam.c	2015-05-21 04:08:41.910932322 -0700
++++ new/auth-pam.c	2015-05-21 04:08:42.024831668 -0700
 @@ -1038,6 +1038,20 @@ do_pam_account(void)
  	return (sshpam_account_status);
  }
@@ -34,8 +34,8 @@
  do_pam_set_tty(const char *tty)
  {
 diff -pur old/auth-pam.h new/auth-pam.h
---- old/auth-pam.h	2004-09-11 05:17:26.000000000 -0700
-+++ new/auth-pam.h	2015-04-13 07:40:15.170675124 -0700
+--- old/auth-pam.h	2015-03-16 22:49:20.000000000 -0700
++++ new/auth-pam.h	2015-05-21 04:08:42.025160216 -0700
 @@ -35,6 +35,9 @@ void start_pam(Authctxt *);
  void finish_pam(void);
  u_int do_pam_account(void);
@@ -47,9 +47,9 @@
  void do_pam_setcred(int );
  void do_pam_chauthtok(void);
 diff -pur old/auth.h new/auth.h
---- old/auth.h	2015-04-13 07:40:15.102912510 -0700
-+++ new/auth.h	2015-04-13 07:40:15.170773363 -0700
[email protected]@ -79,6 +79,9 @@ struct Authctxt {
+--- old/auth.h	2015-05-21 04:08:41.911346027 -0700
++++ new/auth.h	2015-05-21 04:08:42.025504068 -0700
[email protected]@ -84,6 +84,9 @@ struct Authctxt {
  #ifdef PAM_ENHANCEMENT
          char            *authmethod_name;
  #endif 
@@ -60,9 +60,9 @@
  /*
   * Every authentication method has to handle authentication requests for
 diff -pur old/auth2-hostbased.c new/auth2-hostbased.c
---- old/auth2-hostbased.c	2013-12-30 17:25:41.000000000 -0800
-+++ new/auth2-hostbased.c	2015-04-13 07:40:15.170883166 -0700
[email protected]@ -83,6 +83,9 @@ userauth_hostbased(Authctxt *authctxt)
+--- old/auth2-hostbased.c	2015-03-16 22:49:20.000000000 -0700
++++ new/auth2-hostbased.c	2015-05-21 04:08:42.026208843 -0700
[email protected]@ -85,6 +85,9 @@ userauth_hostbased(Authctxt *authctxt)
  	buffer_dump(&b);
  	buffer_free(&b);
  #endif
@@ -72,7 +72,7 @@
  	pktype = key_type_from_name(pkalg);
  	if (pktype == KEY_UNSPEC) {
  		/* this is perfectly legal */
[email protected]@ -133,6 +136,13 @@ userauth_hostbased(Authctxt *authctxt)
[email protected]@ -143,6 +146,13 @@ userauth_hostbased(Authctxt *authctxt)
  			buffer_len(&b))) == 1)
  		authenticated = 1;
  
@@ -87,9 +87,9 @@
  done:
  	debug2("userauth_hostbased: authenticated %d", authenticated);
 diff -pur old/auth2.c new/auth2.c
---- old/auth2.c	2015-04-13 07:40:15.125748357 -0700
-+++ new/auth2.c	2015-04-13 07:54:08.589929143 -0700
[email protected]@ -347,6 +347,14 @@ userauth_finish(Authctxt *authctxt, int
+--- old/auth2.c	2015-05-21 04:08:41.947286493 -0700
++++ new/auth2.c	2015-05-21 04:08:42.026846014 -0700
[email protected]@ -339,6 +339,14 @@ userauth_finish(Authctxt *authctxt, int
  #endif
  	}
  
@@ -105,9 +105,9 @@
  
  #if defined(USE_PAM) && defined(PAM_ENHANCEMENT)
 diff -pur old/config.h.in new/config.h.in
---- old/config.h.in	2015-04-13 07:40:15.118922540 -0700
-+++ new/config.h.in	2015-04-13 07:40:15.171493102 -0700
[email protected]@ -814,6 +814,9 @@
+--- old/config.h.in	2015-05-21 04:08:41.938119429 -0700
++++ new/config.h.in	2015-05-21 04:08:42.027796887 -0700
[email protected]@ -827,6 +827,9 @@
  /* Define if you have Digital Unix Security Integration Architecture */
  #undef HAVE_OSF_SIA
  
@@ -118,20 +118,20 @@
  #undef HAVE_PAM_GETENVLIST
  
 diff -pur old/configure new/configure
---- old/configure	2015-04-13 07:40:15.121667931 -0700
-+++ new/configure	2015-04-13 07:40:15.174438856 -0700
[email protected]@ -7799,6 +7799,7 @@ fi
- 
-         $as_echo "#define USE_GSS_STORE_CRED 1" >>confdefs.h
-         $as_echo "#define GSSAPI_STORECREDS_NEEDS_RUID 1" >>confdefs.h
-+        $as_echo "#define HAVE_PAM_AUSER 1" >>confdefs.h
+--- old/configure	2015-05-21 04:08:41.952127851 -0700
++++ new/configure	2015-05-21 04:09:34.214165539 -0700
[email protected]@ -10872,6 +10872,7 @@ fi
+ cat >>confdefs.h <<\_ACEOF
+ #define	USE_GSS_STORE_CRED 1
+ #define	GSSAPI_STORECREDS_NEEDS_RUID 1
++#define HAVE_PAM_AUSER 1
+ _ACEOF
  
  	TEST_SHELL=$SHELL	# let configure find us a capable shell
- 	;;
 diff -pur old/configure.ac new/configure.ac
---- old/configure.ac	2015-04-13 07:40:15.085660430 -0700
-+++ new/configure.ac	2015-04-13 07:40:15.175130655 -0700
[email protected]@ -868,6 +868,7 @@ mips-sony-bsd|mips-sony-newsos4)
+--- old/configure.ac	2015-05-21 04:08:41.886514252 -0700
++++ new/configure.ac	2015-05-21 04:08:42.052981088 -0700
[email protected]@ -904,6 +904,7 @@ mips-sony-bsd|mips-sony-newsos4)
  	TEST_SHELL=$SHELL	# let configure find us a capable shell
          AC_DEFINE([USE_GSS_STORE_CRED])
          AC_DEFINE([GSSAPI_STORECREDS_NEEDS_RUID])
@@ -140,10 +140,10 @@
  *-*-sunos4*)
  	CPPFLAGS="$CPPFLAGS -DSUNOS4"
 diff -pur old/monitor.c new/monitor.c
---- old/monitor.c	2015-04-13 07:40:15.136922050 -0700
-+++ new/monitor.c	2015-04-13 07:40:15.175533060 -0700
[email protected]@ -490,6 +490,12 @@ monitor_child_preauth(Authctxt *_authctx
- #endif
+--- old/monitor.c	2015-05-21 04:08:41.964048305 -0700
++++ new/monitor.c	2015-05-21 04:08:42.054374639 -0700
[email protected]@ -461,6 +461,12 @@ monitor_child_preauth(Authctxt *_authctx
+ 		}
  	}
  
 +#if defined(HAVE_PAM_AUSER) && defined(USE_PAM)
@@ -155,7 +155,7 @@
  	if (!authctxt->valid)
  		fatal("%s: authenticated invalid user", __func__);
  	if (strcmp(auth_method, "unknown") == 0)
[email protected]@ -699,12 +705,14 @@ monitor_reset_key_state(void)
[email protected]@ -694,12 +700,14 @@ monitor_reset_key_state(void)
  {
  	/* reset state */
  	free(key_blob);
@@ -171,7 +171,7 @@
  	hostbased_chost = NULL;
  }
  
[email protected]@ -1111,6 +1119,11 @@ mm_answer_pam_account(int sock, Buffer *
[email protected]@ -1146,6 +1154,11 @@ mm_answer_pam_account(int sock, Buffer *
  	if (!options.use_pam)
  		fatal("UsePAM not set, but ended up in %s anyway", __func__);
  
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/027-missing_include.patch	Thu Jun 18 07:01:42 2015 -0700
@@ -0,0 +1,27 @@
+#
+# This patch adds a missing include to avoid compilation error.
+#
+# Recently, OpenSSH includes were refactored, so that header files no longer
+# include system header files. System header files are now included in
+# sources only.
+#
+# kex.h references sig_atomic_t, but no longer includes signal.h.
+# Now every file including kex.h must include signal.h. gss-genr.c failed
+# to do so, which resulted in unknown type compilation error.
+#
+# The patch has been accepted by upstream and will be part of 6.9 release.
+#    https://bugzilla.mindrot.org/show_bug.cgi?id=2402
+#
+# When upgrading to some release >=6.9, this patch will be dropped.
+#
+--- a/gss-genr.c	
++++ a/gss-genr.c	
[email protected]@ -34,6 +34,7 @@ 
+ #include <limits.h>
+ #include <stdarg.h>
+ #include <string.h>
++#include <signal.h>
+ #include <unistd.h>
+ 
+ #include "xmalloc.h"
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssh/patches/028-relax_bits_needed_check.patch	Thu Jun 18 07:01:42 2015 -0700
@@ -0,0 +1,23 @@
+#
+# Relax bits needed check to allow diffie-hellman-group1-sha1 key exchange to
+# complete when chacha20-poly1305 was selected as the cipher.
+# 
+# OpenSSH 6.8 regression causing test case failure.
+# 
+# Fixed in 6.9:
+# https://github.com/openssh/openssh-portable/commit/b8afbe2c1aaf573565e4da775261dfafc8b1ba9c
+# 
+# This patch will be removed when upgrading to 6.9 or higher.
+# 
+diff -pur old/dh.c new/dh.c
+--- old/dh.c	2015-03-16 22:49:20.000000000 -0700
++++ new/dh.c	2015-06-01 05:24:39.007860187 -0700
[email protected]@ -261,7 +261,7 @@ dh_gen_key(DH *dh, int need)
+ 
+ 	if (need < 0 || dh->p == NULL ||
+ 	    (pbits = BN_num_bits(dh->p)) <= 0 ||
+-	    need > INT_MAX / 2 || 2 * need >= pbits)
++	    need > INT_MAX / 2 || 2 * need > pbits)
+ 		return SSH_ERR_INVALID_ARGUMENT;
+ 	dh->length = MIN(need * 2, pbits - 1);
+ 	if (DH_generate_key(dh) == 0 ||
--- a/components/openssh/sources/kexgssc.c	Wed Jun 17 14:55:22 2015 -0700
+++ b/components/openssh/sources/kexgssc.c	Thu Jun 18 07:01:42 2015 -0700
@@ -22,6 +22,15 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+/*
+ * May 22, 2015
+ * In version 6.8 a new packet interface has been introduced to OpenSSH,
+ * while the old packet API has been provided in opacket.c.
+ * At this moment we are not rewritting GSS-API key exchange code to the new
+ * API, just adjusting it to still work with new struct ssh.
+ * Rewritting to the new API can be considered in the future.
+ */
+
 #include "includes.h"
 
 #ifdef GSSAPI
@@ -31,6 +40,7 @@
 #include <openssl/crypto.h>
 #include <openssl/bn.h>
 
+#include <signal.h>	/* for sig_atomic_t in kex.h */
 #include <string.h>
 
 #include "xmalloc.h"
@@ -38,6 +48,7 @@
 #include "ssh2.h"
 #include "key.h"
 #include "cipher.h"
+#include "digest.h"
 #include "kex.h"
 #include "log.h"
 #include "packet.h"
@@ -45,19 +56,19 @@
 
 #include "ssh-gss.h"
 
-void
-kexgss_client(Kex *kex) {
+int
+kexgss_client(struct ssh *ssh) {
 	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
 	gss_buffer_desc recv_tok, gssbuf, msg_tok, *token_ptr;
 	Gssctxt *ctxt;
 	OM_uint32 maj_status, min_status, ret_flags;
-	uint_t klen, kout, slen = 0, hashlen, strlen;
+	uint_t klen, kout, slen = 0, strlen;
 	DH *dh;
 	BIGNUM *dh_server_pub = NULL;
 	BIGNUM *shared_secret = NULL;
 	BIGNUM *p = NULL;
 	BIGNUM *g = NULL;
-	uchar_t *kbuf, *hash;
+	uchar_t *kbuf;
 	uchar_t *serverhostkey = NULL;
 	uchar_t *empty = "";
 	char *msg;
@@ -65,6 +76,10 @@
 	int type = 0;
 	int first = 1;
 	int nbits = 0, min = DH_GRP_MIN, max = DH_GRP_MAX;
+	struct kex *kex = ssh->kex;
+	int r;
+	uchar_t hash[SSH_DIGEST_MAX_LENGTH];
+	size_t hashlen;
 
 	/* Initialise our GSSAPI world */
 	ssh_gssapi_build_ctx(&ctxt);
@@ -77,10 +92,10 @@
 
 	switch (kex->kex_type) {
 	case KEX_GSS_GRP1_SHA1:
-		dh = dh_new_group1();
+		kex->dh = dh_new_group1();
 		break;
 	case KEX_GSS_GRP14_SHA1:
-		dh = dh_new_group14();
+		kex->dh = dh_new_group14();
 		break;
 	case KEX_GSS_GEX_SHA1:
 		debug("Doing group exchange\n");
@@ -106,14 +121,14 @@
 			fatal("GSSGRP_GEX group out of range: %d !< %d !< %d",
 			    min, BN_num_bits(p), max);
 
-		dh = dh_new_group(g, p);
+		kex->dh = dh_new_group(g, p);
 		break;
 	default:
 		fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
 	}
 
 	/* Step 1 - e is dh->pub_key */
-	dh_gen_key(dh, kex->we_need * 8);
+	dh_gen_key(kex->dh, kex->we_need * 8);
 
 	/* This is f, we initialise it now to make life easier */
 	dh_server_pub = BN_new();
@@ -161,7 +176,7 @@
 				packet_start(SSH2_MSG_KEXGSS_INIT);
 				packet_put_string(send_tok.value,
 				    send_tok.length);
-				packet_put_bignum2(dh->pub_key);
+				packet_put_bignum2(kex->dh->pub_key);
 				first = 0;
 			} else {
 				packet_start(SSH2_MSG_KEXGSS_CONTINUE);
@@ -245,13 +260,13 @@
 		fatal("Didn't receive SSH2_MSG_KEXGSS_COMPLETE when expected");
 
 	/* Check f in range [1, p-1] */
-	if (!dh_pub_is_valid(dh, dh_server_pub))
+	if (!dh_pub_is_valid(kex->dh, dh_server_pub))
 		packet_disconnect("bad server public DH value");
 
 	/* compute K=f^x mod p */
-	klen = DH_size(dh);
+	klen = DH_size(kex->dh);
 	kbuf = xmalloc(klen);
-	kout = DH_compute_key(kbuf, dh_server_pub, dh);
+	kout = DH_compute_key(kbuf, dh_server_pub, kex->dh);
 	if (kout < 0)
 		fatal("DH_compute_key: failed");
 
@@ -265,33 +280,34 @@
 	memset(kbuf, 0, klen);
 	free(kbuf);
 
+	hashlen = sizeof (hash);
 	switch (kex->kex_type) {
 	case KEX_GSS_GRP1_SHA1:
 	case KEX_GSS_GRP14_SHA1:
 		kex_dh_hash(kex->client_version_string,
 		    kex->server_version_string,
-		    buffer_ptr(&kex->my), buffer_len(&kex->my),
-		    buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+		    buffer_ptr(kex->my), buffer_len(kex->my),
+		    buffer_ptr(kex->peer), buffer_len(kex->peer),
 		    (serverhostkey ? serverhostkey : empty), slen,
-		    dh->pub_key,	/* e */
+		    kex->dh->pub_key,	/* e */
 		    dh_server_pub,	/* f */
 		    shared_secret,	/* K */
-		    &hash, &hashlen);
+		    hash, &hashlen);
 		break;
 	case KEX_GSS_GEX_SHA1:
 		kexgex_hash(
 		    kex->hash_alg,
 		    kex->client_version_string,
 		    kex->server_version_string,
-		    buffer_ptr(&kex->my), buffer_len(&kex->my),
-		    buffer_ptr(&kex->peer), buffer_len(&kex->peer),
+		    buffer_ptr(kex->my), buffer_len(kex->my),
+		    buffer_ptr(kex->peer), buffer_len(kex->peer),
 		    (serverhostkey ? serverhostkey : empty), slen,
 		    min, nbits, max,
-		    dh->p, dh->g,
-		    dh->pub_key,
+		    kex->dh->p, kex->dh->g,
+		    kex->dh->pub_key,
 		    dh_server_pub,
 		    shared_secret,
-		    &hash, &hashlen);
+		    hash, &hashlen);
 		break;
 	default:
 		fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
@@ -306,7 +322,7 @@
 
 	free(msg_tok.value);
 
-	DH_free(dh);
+	DH_free(kex->dh);
 	if (serverhostkey)
 		free(serverhostkey);
 	BN_clear_free(dh_server_pub);
@@ -323,9 +339,9 @@
 	else
 		ssh_gssapi_delete_ctx(&ctxt);
 
-	kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
-	BN_clear_free(shared_secret);
-	kex_finish(kex);
+	if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
+		r = kex_send_newkeys(ssh);
+	return (r);
 }
 
 #endif /* GSSAPI */
--- a/components/openssh/sources/kexgsss.c	Wed Jun 17 14:55:22 2015 -0700
+++ b/components/openssh/sources/kexgsss.c	Thu Jun 18 07:01:42 2015 -0700
@@ -22,10 +22,20 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
+/*
+ * May 22, 2015
+ * In version 6.8 a new packet interface has been introduced to OpenSSH,
+ * while the old packet API has been provided in opacket.c.
+ * At this moment we are not rewritting GSS-API key exchange code to the new
+ * API, just adjusting it to still work with new struct ssh.
+ * Rewritting to the new API can be considered in the future.
+ */
+
 #include "includes.h"
 
 #ifdef GSSAPI
 
+#include <signal.h>	/* for sig_atomic_t in kex.h */
 #include <string.h>
 
 #include <openssl/crypto.h>
@@ -36,6 +46,7 @@
 #include "ssh2.h"
 #include "key.h"
 #include "cipher.h"
+#include "digest.h"
 #include "kex.h"
 #include "log.h"
 #include "packet.h"
@@ -43,8 +54,8 @@
 #include "ssh-gss.h"
 #include "monitor_wrap.h"
 
-void
-kexgss_server(Kex *kex)
+int
+kexgss_server(struct ssh *ssh)
 {
 	OM_uint32 maj_status, min_status;
 
@@ -59,8 +70,8 @@
 	gss_buffer_desc gssbuf, recv_tok, msg_tok;
 	gss_buffer_desc send_tok = GSS_C_EMPTY_BUFFER;
 	Gssctxt *ctxt = NULL;
-	uint_t slen, klen, kout, hashlen;
-	uchar_t *kbuf, *hash;
+	uint_t slen, klen, kout;
+	uchar_t *kbuf;
 	DH *dh;
 	int min = -1, max = -1, nbits = -1;
 	BIGNUM *shared_secret = NULL;
@@ -68,6 +79,10 @@
 	int type = 0;
 	gss_OID oid;
 	char *mechs;
+	struct kex *kex = ssh->kex;
+	int r;
+	uchar_t hash[SSH_DIGEST_MAX_LENGTH];
+	size_t hashlen;
 
 	/* Initialise GSSAPI */
 
@@ -92,10 +107,10 @@
 
 	switch (kex->kex_type) {
 	case KEX_GSS_GRP1_SHA1:
-		dh = dh_new_group1();
+		kex->dh = dh_new_group1();
 		break;
 	case KEX_GSS_GRP14_SHA1:
-		dh = dh_new_group14();
+		kex->dh = dh_new_group14();
 		break;
 	case KEX_GSS_GEX_SHA1:
 		debug("Doing group exchange");
@@ -109,14 +124,14 @@
 		if (max < min || nbits < min || max < nbits)
 			fatal("GSS_GEX, bad parameters: %d !< %d !< %d",
 			    min, nbits, max);
-		dh = PRIVSEP(choose_dh(min, nbits, max));
-		if (dh == NULL)
+		kex->dh = PRIVSEP(choose_dh(min, nbits, max));
+		if (kex->dh == NULL)
 			packet_disconnect("Protocol error:"
 			    " no matching group found");
 
 		packet_start(SSH2_MSG_KEXGSS_GROUP);
-		packet_put_bignum2(dh->p);
-		packet_put_bignum2(dh->g);
+		packet_put_bignum2(kex->dh->p);
+		packet_put_bignum2(kex->dh->g);
 		packet_send();
 
 		packet_write_wait();
@@ -125,7 +140,7 @@
 		fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
 	}
 
-	dh_gen_key(dh, kex->we_need * 8);
+	dh_gen_key(kex->dh, kex->we_need * 8);
 
 	do {
 		debug("Wait SSH2_MSG_GSSAPI_INIT");
@@ -190,12 +205,12 @@
 	if (!(ret_flags & GSS_C_INTEG_FLAG))
 		fatal("Integrity flag wasn't set");
 
-	if (!dh_pub_is_valid(dh, dh_client_pub))
+	if (!dh_pub_is_valid(kex->dh, dh_client_pub))
 		packet_disconnect("bad client public DH value");
 
-	klen = DH_size(dh);
+	klen = DH_size(kex->dh);
 	kbuf = xmalloc(klen);
-	kout = DH_compute_key(kbuf, dh_client_pub, dh);
+	kout = DH_compute_key(kbuf, dh_client_pub, kex->dh);
 	if (kout < 0)
 		fatal("DH_compute_key: failed");
 
@@ -209,30 +224,31 @@
 	memset(kbuf, 0, klen);
 	free(kbuf);
 
+	hashlen = sizeof (hash);
 	switch (kex->kex_type) {
 	case KEX_GSS_GRP1_SHA1:
 	case KEX_GSS_GRP14_SHA1:
 		kex_dh_hash(
 		    kex->client_version_string, kex->server_version_string,
-		    buffer_ptr(&kex->peer), buffer_len(&kex->peer),
-		    buffer_ptr(&kex->my), buffer_len(&kex->my),
+		    buffer_ptr(kex->peer), buffer_len(kex->peer),
+		    buffer_ptr(kex->my), buffer_len(kex->my),
 		    NULL, 0, /* Change this if we start sending host keys */
-		    dh_client_pub, dh->pub_key, shared_secret,
-		    &hash, &hashlen);
+		    dh_client_pub, kex->dh->pub_key, shared_secret,
+		    hash, &hashlen);
 		break;
 	case KEX_GSS_GEX_SHA1:
 		kexgex_hash(
 		    kex->hash_alg,
 		    kex->client_version_string, kex->server_version_string,
-		    buffer_ptr(&kex->peer), buffer_len(&kex->peer),
-		    buffer_ptr(&kex->my), buffer_len(&kex->my),
+		    buffer_ptr(kex->peer), buffer_len(kex->peer),
+		    buffer_ptr(kex->my), buffer_len(kex->my),
 		    NULL, 0,
 		    min, nbits, max,
-		    dh->p, dh->g,
+		    kex->dh->p, kex->dh->g,
 		    dh_client_pub,
-		    dh->pub_key,
+		    kex->dh->pub_key,
 		    shared_secret,
-		    &hash, &hashlen);
+		    hash, &hashlen);
 		break;
 	default:
 		fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
@@ -253,7 +269,7 @@
 		fatal("Couldn't get MIC");
 
 	packet_start(SSH2_MSG_KEXGSS_COMPLETE);
-	packet_put_bignum2(dh->pub_key);
+	packet_put_bignum2(kex->dh->pub_key);
 	packet_put_string(msg_tok.value, msg_tok.length);
 
 	if (send_tok.length != 0) {
@@ -272,10 +288,10 @@
 	else
 		ssh_gssapi_delete_ctx(&ctxt);
 
-	DH_free(dh);
+	DH_free(kex->dh);
 
-	kex_derive_keys_bn(kex, hash, hashlen, shared_secret);
-	BN_clear_free(shared_secret);
-	kex_finish(kex);
+	if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
+		r = kex_send_newkeys(ssh);
+	return (r);
 }
 #endif /* GSSAPI */